Please enable JavaScript.
Coggle requires JavaScript to display documents.
Week5 The right to privacy and data processing - Coggle Diagram
Week5
The right to privacy
and data processing
Privacy: a clash of rights
Private law sphere
Freedom of speech
Right to privacy
Public law sphere
To what extent the government may interfere with somebody's right to privacy to protect public security, morality, or health
Privacy laws around the world
The U.S.A.
The constitution
Freedom of speech: firmly embedded to the Constitution
↕️
Right to privacy: no general recognition
Fourteenth Amendment: recognized the right to liberty, which encompasses privacy aspects in the sphere of family life and self determination
Fourth Amendment: citizens are protected against unreasonable searches and seizures by the government
Expectation of privacy
Subjective test ↔ Objective test
State constitutions: a general right to privacy is recognized in the Constitution of some of the U.S. States themselves
Federal laws: regulate both public and
private law aspects but always in separate acts
Driver's Privacy Protection Act, Educational Right and Privacy Act
The privacy of internet behaviour
The privacy of communication
Electronic Communications Privacy Act
⬆️Internet Service Providers are excepted
Patriot Act
The privacy of financial information
The privacy of medical records
Tort law and the right to privacy
Invasion of privacy
Intrusion on seclusion
The intrusion must be unauthorized
A reasonable person should find the intrusion objectionable
The intrusion should concern a private matter
The intrusion results in some form of suffering
Appropriation
Right of publicity
Public disclosure
The information that is disclosed should be publicly disclosed
The information should be private
The information should be offensive to a reasonable person
The information should not be newsworthy
False light(=Defamation)
The EU
Regulation 2016/679 - private legal relations
Directive 2016/680 - public legal relations
Processing personal data
Direct identification: usually the name of an individual is involved
↕️
Indirect identification: the data does not explicitly identify the data subject
Controller: determines the purposes and means of the processing of personal data
Processor: processes the personal data on behalf of the controller
Recipient: whom the personal data is disclosed
Principle
(Article 5 of Regulation 2016/679)
Lawfulness, fairness and transparency:
data procession should at all time be in compliance with European and domestic legislation
Purpose limitation: data is collected for specified, explicit and legitimate purposes & data should not be further processed in a manner that is incompatible with this legitimate purpose
Data minimization: processed data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Accuracy: personal data which is processed should be accurate and kept up to date
Storage limitation: data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
Integrity and confidentiality: personal data must be processed in a manner that ensures appropriate security of the personal data
Accountability: at any time, the controller is responsible for the data processing, and liable for any violations of privacy laws
Justification (Article 6 of Regulation 2016/679):
each and every data processing should be justifiable
Special data types (Regulation 2016/679):
specifies particular types of data that may not be processed at all, except in occasional circumstances
Data subject rights (Articles 16-21 of Regulation 2016/679):
data subject has various rights towards the data controller
Jurisdiction challenges
Safe harbour principles ➡️ EU-US Privacy Shield