Please enable JavaScript.
Coggle requires JavaScript to display documents.
17-INTERNET TECH AND COMMS (MOBILE APPS (consent (to store info in the…
17-
INTERNET TECH
AND COMMS
CLOUD COMPUTING
customer systems/data are
stored in many
provider's locations
around the world
art. 3 (GDPR scope)
customer:controller
supplier:processor
contract customer-supplier
art.28
international data-transfers
customers are responsible
for GDPR compliance
limiting cloud to EEA
choosing privacy shield suppliers
model clauses
tailored data transfers agreements
(to be approved by DPAs)
BCRs
codes of conduct/certifications
art.49 exceptions, e.g. consent (unrealistic) :no_entry:
COOKIES
identify a unique device
are PD
GDPR application to extra EEA websites
setting cookies on EU individuals
ePrivacy art.5(3)
Consent
application
varies per MS
information
optin before cookie setting
real choice by user
via
browser settings
if
browser rejecting by def.
3rd party cookies
clear information
positive action required by user
impossible to bypass user choices
IPs
to build profiles
,
therefore PD
PD themselves
ECJ-Breyer
: dynamic/static IPs can be PD in the hands of organisations other than ISPs
Reference to
all the means reasonably likely to be used
by controller/other subject to identify DS
SEARCH ENGINES
processes
IPs
cookies
user log files
SE controller
3rd party webpages
SE controller
of PD therein in that it play a great role in dissemination of such PD (ECJ-Google Spain)
GDPR
scope
SE based in EEA - art.3(1)-
establishment
SE based extra EEA
art.3(2)a -
offering services
to EU individuals
art.3(2)b-
monitoring EU individuals
(SE creation of user log files)
art.3(1)-
establishment
-for SE processing of PD contained in 3rd party websites, if SEs have EU establishment whose activities are economically linked to SE core activities (
ECJ-GoogleVsSpain
)
DP issues
data retention -
max 6 months
correlation and further processing for other purposes -
information to users
compliance with DS rights-
correction/deletion rights
SNS
SNS controller
-providing online comms platform
-determining the use of PD for ad purposes
GDPR
scope:
see SEs
SNS apps designed by 3rd parties
3rd parties controller
SNS
users
uploading data
household exception :green_cross:
SN is used as organisation platform
user controlle
r :red_cross:
user extends data access beyond his contacts
user controller
:red_cross:
exception for journalistic/artistic/literary purposes:green_cross:
duty to inform users
MOBILE APPS
GDPR+ePrivacy
data sent by app to app developer
app developer controller
MAC address/device fingerprinting for profiling:
consent required
duty to
inform
users
consent
to store info in the device
to process user data
granular