Recomendados
Recomendados
Más contenido relacionado
Similar a UIA Madrid Seminar (17-04-15)
Similar a UIA Madrid Seminar (17-04-15) (20)
UIA Madrid Seminar (17-04-15)
- 1. GDPR: Material scope, what’s new? Esfera Legal Victor Roselló Mallol www.esferalegal.cat Pau Claris 144, 1º, 08009 Barcelona | Tel: 93 434 44 48 Paseo de la Castellana, 179, Ascensor C, 1ª planta, 28046 Madrid Tel: Madrid Tel: 91 286 56 95 Share it: #UIAdata @vic_rosello @esfera_legal
- 2. What IS Personal Data? Any information: regardless its nature (subjective and objective; not only true information); its content (not only intimate data) and its format (paper or computer). Relating to: content, purpose OR result. Identified or identifiable: all means reasonable. Natural person: regardless country of residence, living persons; legal persons only Italy, Austria and Luxembourg. Spain: NOT legal persons and contact details of such legal persons even if they are natural persons.
- 3. Current Directive Case Law Rechnungshof vs Osterrichscher Rundfunk. 20.05.03: Scope does not depend on whether processing of PD has a connection with free movement between MS. Lindquist, 6.11.03: loading PD on an Internet Site is processing by automating means. Nikolau vs Commission. 12.09.07: personal information in a press release, is PD. Huber vs Germany. 16.12.08: Art. 3 (2) excludes processing of PD concerning public security, defense and criminal activities.
- 4. Current Directive Case Law Markus Schecke GbR v. Land Hessen. 9.11.10: legal persons can claim protection under art. 7 and 8 CFR only if official title of legal person identifies the natural person. Under art. 8 no principle justifies exclusion of activities of professional nature from the notion of private life. Worten-Equipamentos para o Lar SA vs ACT. 30.05.13: PD contained in working time records, relating to working and rest periods, is personal data. Google Spain SL vs AEPD 13.05.14: Searching engine activities constitute processing of personal data. Collects, retrieves, records and organize. Schwarz vs Bochum. 17.10.14: fingerprints constitute PD. Rynes vs Urad pro ochranu osobnich udaju. 11.12.14: image of a person recorded by a camera, constitutes PD.
- 5. DP Definition GDPR vs Directive “… any information relating to an identified or identifiable natural person (“data subject”); and identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, unique identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social or gender identity of that person.”
- 6. Scope GDPR vs Directive Art. 2 GDPR: This Regulation applies to the processing of personal data wholly or partly by automated means, irrespective of the method of processing, and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. ‘Filing system' means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;
- 7. Household exemption Art. 2.2 d) and Recital 15: GDPR does not apply to processing of data, exclusively personal, family- related, or domestic, such as correspondence and the holding of addresses or a private sale and without any connection with a professional or commercial activity. It does apply to DC and DP which provide de means for such processing.
- 8. ECJ preliminary ruling 11/12/14 Czech citizen installs a fix camera, without real time view, to protect his house and family. The camera recorded the entrance of his home, the public footpath and the entrance to the opposite house. Household exemption must be “narrowly constructed”. Processing of data must be carried out purely for personal or household purposes. When monitoring also public space, household exemption does not applies.
- 9. What about… Legal persons…GDPR does not apply. Individuals representing legal persons… “content”, “purpose” and “result” criteria should apply. Unborn and dead…genetic data? Anonymous data…GDPR does not apply. Pseudonymous data…not significant impact on DS interests, except DS pseudonymous data might be related to a DS. IP, cookies, RFI tags…within GDPR scope, except they do not relate to identifiable or identified natural person.
- 10. Thanks!!