当前位置:
X-MOL 学术
›
Int. Data Priv. Law
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
What does it mean for a data subject to make their personal data ‘manifestly public’? An analysis of GDPR Article 9(2)(e)
International Data Privacy Law ( IF 2.500 ) Pub Date : 2021-02-23 , DOI: 10.1093/idpl/ipab005 Edward S Dove , Jiahong Chen
中文翻译:
数据主体将其个人数据“明显公开”意味着什么?对 GDPR 第 9(2)(e) 条的分析
更新日期:2021-02-23
International Data Privacy Law ( IF 2.500 ) Pub Date : 2021-02-23 , DOI: 10.1093/idpl/ipab005 Edward S Dove , Jiahong Chen
Key points
- This article investigates an under-discussed and potentially significant provision in the EU General Data Protection Regulation (GDPR), namely Article 9(2)(e), which permits processing of special category personal data if the ‘processing relates to personal data which are manifestly made public by the data subject’.
- This provision may be of increasing interest to data controllers in a variety of cloud-based, internet-related, and/or social media contexts. We specifically consider the application of this provision in the context of genetic data and open data sharing (ie data that can be freely used, re-used, and redistributed by anyone), illustrating this by way of several cases of initiatives that seek to share genetic data. We query whether by uploading one’s own genetic data onto the internet, a person has made their data ‘manifestly public’ within the meaning of the GDPR.
- Our response to this query is that in general, the answer should be no, but it remains possible. We argue that Article 9(2)(e) must be construed narrowly; outside of clearly defined contexts, it would be legally inappropriate to invoke and rely upon this manifestly public self-disclosure exception in data protection law. Our narrow interpretation of the provision aligns with the limited guidance made available from data protection authorities. As part of this argument, we propose a legal test that must be satisfied before Article 9(2)(e) may be lawfully invoked, and which is grounded in the intent of the data subject.
中文翻译:
数据主体将其个人数据“明显公开”意味着什么?对 GDPR 第 9(2)(e) 条的分析
关键点
- 本文调查了欧盟通用数据保护条例 (GDPR) 中讨论不足且可能具有重要意义的条款,即第 9(2)(e) 条,该条款允许处理特殊类别的个人数据,如果“处理与以下个人数据有关”数据主体明确公开”。
- 在各种基于云的、与互联网相关的和/或社交媒体环境中,此条款可能会引起数据控制者越来越多的兴趣。我们特别考虑在基因数据和开放数据共享(即任何人都可以自由使用、重复使用和重新分发的数据)的背景下应用这一规定,并通过几个寻求共享的倡议案例来说明这一点基因数据。我们询问是否通过将自己的基因数据上传到互联网上,一个人是否已经按照 GDPR 的含义“明显公开”了他们的数据。
- 我们对这个问题的回答是,一般来说,答案应该是否定的,但它仍然是可能的。我们认为第 9(2)(e) 条必须作狭义解释;在明确定义的上下文之外,援引和依赖数据保护法中这种明显公开的自我披露例外在法律上是不合适的。我们对该条款的狭义解释与数据保护机构提供的有限指导一致。作为这一论点的一部分,我们提出了一项法律测试,该测试必须在第 9(2)(e) 条可以合法援引之前得到满足,并且基于数据主体的意图。
京公网安备 11010802027423号