dpv icon indicating copy to clipboard operation
dpv copied to clipboard

Published 20 hours ago verified publisher icon w3c

Add Right Non-fulfilment Justifications for GDPR’s rights

Open besteves4 opened this issue 2 years ago • 11 comments

Hey,

In the context of the PROTECT project, we defined a list of exemptions to GDPR’s data subject rights. We welcome discussions with experts in law.

The concepts we are proposing to add to DPV are:

  • Right Non-Fulfilment Justification -Definition: Organisations can deny a data subject from exercising their rights where it is necessary and proportionate but also allowed by the relevant regulation -Source: GDPR, Arts. 23, 13.4, 14.5

  • Right to be Informed Non-Fulfilment Justification -Definition: Reasons why the data controller should not provide the data subject with the relevant information, according to Arts. 13 or 14 as applicable, about an intended data processing activity -Source: GDPR, Arts. 13.4, 14.5 -Subclass of: Right Non-Fulfilment Justification

  • Data Subject is Already Informed -Definition: The data subject already has the relevant information about the intended data -Source: GDPR, Arts. 13.4, 14.5.a -Subclass of: Right to be Informed Non-Fulfilment Justification

  • Cause Extraordinary Effort for the Data Controller -Definition: Providing the data subject with the relevant information would imply an impossible or disproportionate effort for the data controller -Source: GDPR, Art. 14.5.b -Subclass of: Right to be Informed Non-Fulfilment Justification

  • Render impossible the processing -Definition: Providing the data subject with the relevant information would render impossible or seriously impair the processing -Source: GDPR, Art. 14.5.b -Subclass of: Right to be Informed Non-Fulfilment Justification

  • Disclose in a Member State or Union law -Definition: The information due to the data subject is already disclosed in a Member State or Union law -Source: GDPR, Art. 14.5.c -Subclass of: Right to be Informed Non-Fulfilment Justification

  • Existence of Confidentiality Obligation -Definition: The data subject is not informed about a data processing activity due to the existence of a confidentiality obligation that covers the processing activity -Source: GDPR, Art. 14.5.d -Subclass of: Right to be Informed Non-Fulfilment Justification

  • Expression of Opinion about the Data Subject -Definition: The personal data relating to the data subject consisting of an expression of opinion about the data subject by another given in confidence or on the understanding that it would be treated as confidential to a person who has a legitimate interest in receiving it -Source: GDPR, Art. 23.1 -Subclass of: Right Non-Fulfilment Justification

  • Prevent Investigation -Definition: There is an allegation being made against the data subject and it is felt that the disclosure of data in the context of the request could in some way hinder the investigation -Source: GDPR, Art. 23.1 -Subclass of: Right Non-Fulfilment Justification

  • Safeguard Third Party Rights -Definition: The data subject is only allowed to seek data in relation to themselves. Where another person may be identifiable from any information which may identify the third-party data should be redacted unless the third party has given consent -Source: GDPR, Art. 23.1 -Subclass of: Right Non-Fulfilment Justification

  • Confidentiality of Opinion about the Data Subject -Definition: There is a confidential opinion expressed about the data subject by a member of staff -Source: GDPR, Art. 23.1 -Subclass of: Right Non-Fulfilment Justification

  • Impair the Achievement of Archiving Purposes -Definition: The request of the data subject can be refused if the exercise of rights would be likely to render impossible or seriously impair the achievement of archiving purposes or such restriction is necessary for the fulfilment of those purposes -Source: GDPR, Art. 23.1 -Subclass of: Right Non-Fulfilment Justification

  • Legal Privilege -Definition: Documents that have personal data of the data subject exempt from disclosure in court proceedings apply in relation to a Subject Access Request, this applies to both legal advice and litigation privilege -Source: GDPR, Art. 23.1 -Subclass of: Right Non-Fulfilment Justification

  • Safeguard National Security -Definition: The exercise of the right by the data subject can be refused to safeguard national security where accepting the request of the right poses a threat to it -Source: GDPR, Art. 23.1 -Subclass of: Right Non-Fulfilment Justification

  • Safeguard Defence -Definition: The exercise of the right by the data subject can be refused to safeguard defence where accepting the request of the right poses a threat to it -Source: GDPR, Art. 23.1 -Subclass of: Right Non-Fulfilment Justification

  • Safeguard Public Security -Definition: The exercise of the right by the data subject can be refused to safeguard public security where accepting the request of the right poses a threat to it -Source: GDPR, Art. 23.1 -Subclass of: Right Non-Fulfilment Justification

  • Safeguard Judicial Independence or Proceedings -Definition: The exercise of the right by the data subject can be refused to safeguard judicial independence or proceedings where accepting the request of the right poses a threat to it -Source: GDPR, Art. 23.1 -Subclass of: Right Non-Fulfilment Justification

besteves4 avatar Oct 19 '22 11:10 besteves4