...
Presentation by Peter Kimpian
- See slides at https://icann-community.icannatlassian.orgnet/wiki/download/attachments/64064540101516741/Kimpian_pdp_rds_2_2_17.pdf
- Right to privacy is a universal right, even if it is interpreted differently in different countries.
- Individuals have to be in control of their personal data (the whole trail of data). Overarching principles: necessity, proportionality, purpose specification / purpose limitation.
- For data processing there has to be a legitimate aim/purpose. Lawful and fair means of data processing. Lawful = it has to be regulated and/or not forbidden by legislation.
- Valid legal basis (law, consent, contract, vital interest of the individual). This concept is also present in other legal frameworks, not only the European one.
- Data processing needs to be adequate, relevant and not excessive.
- Data minimization principle: no processing of data for the sake of data, only for a purpose. During the processing, the data controller has the obligation to process the minimum amount of data that is fit for purpose.
- There are a number of exemptions (see slide 4). Always conditions to these exemptions. Need to establish criteria under which such exemptions are permissible.
- Disclosure of data (slide 5) - same rules apply as for processing, however there is a third party that enters into the picture using the data for a secondary purpose.
- Accountability (slide 6) - data controller is accountable for upholding data protection principles.
...