|
Data Protection Directive
- 95/46/EC -
http://www.europa.eu.int/comm/justice_home/fsj/privacy/
What is personal
data (according to EU)?
Personal data can be
any
information relating to an identified or identifiable
natural person (directly or indirectly): Name,
telephone number, photos…
Specific to his physical, physiological, mental,
economic, cultural or social identity
What is
processing of personal data?
Any
operation performed upon personal data whether
or not by automatic means
What is
sensitive personal data?
Data revealing racial or ethnic origin,
political opinions, religious or philosophical
beliefs, trade-union membership, data concerning
health or sex life.
Sensitive data – Member states must prohibit the
processing of these sensitive personal data.
Restrictions apply
The EC Data
Protection Directive covers the following areas:
Information to be given to the data subject
The data
subject's right to object
Transfer of personal data to third countries
Supervisory authorities
Data Controllers
must adhere to the following rules:
Data must be relevant and not excessive in
relation to the purpose for which they are
processed.
Data must be accurate.
Data controllers are required to provide
reasonable measures for data subjects to
rectify, erase or block incorrect data about
them
The directive
prohibits transfer
of personal information
to countries that lack adequate protection of
privacy.
There are ‘derogations’ - exceptions.
The solution…may be a contract
“The object of such a contract would be to
provide for adequate safeguards with respect to
the protection of privacy and fundamental rights
and freedoms of individuals…”
|
