All Questions
Tagged with united-kingdom european-union
114
questions
1
vote
0
answers
64
views
Is it GDPR compliant to require registration to access a privacy policy?
There is currently an issue with Windows operating systems, reputed to be related to Falcon Sensor from CrowdStrike. From the description of their tool, the question of GDPR compliance can be asked ...
6
votes
1
answer
2k
views
Is deciding to use google fonts the sort of decision that makes an entity a controller rather than a processor?
In ensuring GDPR compliance determining which entities are data controllers and which data processors is a critical step. The UK government says:
The UK GDPR defines a controller as:
the natural or ...
0
votes
0
answers
19
views
Does the transfer occurring under Article 45, 46 or 49 affect the Right of Access under Article 15.2?
Transfer of personal data from the UK to the US can, at least in theory, occur under Articles 45, 46 and 49. These all have different requirements.
Article 15 of the GDPR the Right of access includes ...
0
votes
0
answers
22
views
What does being "informed of the appropriate safeguards pursuant to Article 46" mean?
Article 15 of the GDPR the Right of access includes section 2:
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be ...
1
vote
0
answers
45
views
How specific does the information need to be relating to personal information transfer between data controllers?
When personal information is transferred between data controllers the GDPR imposses certain requirements. Among these are information that must be provided to the data subject. As I understand it ...
1
vote
1
answer
139
views
Can computer performance metrics be personal data?
ScorecardResearch is a major data collection organisation that serves code onto some major UK web sites. Their privacy policy mentions a lot of tracking, including "hardware or device ...
8
votes
2
answers
4k
views
Is it legal to discriminate on marital status for car insurance/pensions etc.?
In 2012 the European Court of Justice (ECJ) ruled that gender is no longer allowed to be a factor when premiums are calculated for "everything from pensions to car and life insurance".
I ...
0
votes
3
answers
140
views
Do the various anti-end to end encryption laws have provisions concerning third party clients?
There has been multiple attempts to criminalise end to end encryption (E2E). Currently in the news is the EU Chat Control 2.0 (though it seems it has now been withdrawn), the UK passed the Online ...
3
votes
0
answers
44
views
Does there exist an example of meaningful information about an automated individual decision-making algorithm?
The GDPR Article 14 includes provisions for the data subject to have meaningful information about an automated individual decision-making algorithm that which produces legal effects concerning him or ...
0
votes
0
answers
58
views
Does the GDPR right to deletion in Art. 17 effectively include some "disproportionate effort" exception?
Some provisions of the GDPR have explicit exceptions about "disproportionate effort". Particularly relevant is the one in Article 19:
The controller shall communicate any rectification or ...
1
vote
1
answer
89
views
What exactly is a decision wrt. GDPR Automated individual decision-making?
The GDPR Article 22 provides rights relating to automated individual decision-making, including profiling. It starts:
The data subject shall have the right not to be subject to a decision based ...
5
votes
2
answers
167
views
How do Wi-Fi Positioning Systems interact with the GDPR?
There is a paper (described in the news) that details how to use Apple's Wi-Fi Positioning System (WPS) facilitates mass surveillance, even of those not using Apple devices. The system is described ...
0
votes
2
answers
159
views
Double Jeopardy when received a police caution?
I was curious about the application of Double Jeopardy around the world, and in particular the European Union, in the following scenario.
Someone commits a crime in England, the police arrest them. ...
0
votes
0
answers
83
views
MLAT De Minimis period?
The UK Government website covers Mutual Legal Assistance Treaty (MLAT) requests that it receives from outside of the UK.
I was hoping someone could clarify the De Minimis part.
Question 1:
Focusing on ...
4
votes
1
answer
113
views
What happens when data that was not personal information become personal information?
Supposed there is some data that is not associated with an individual. This data is processed by a company and distributed on the web. At a later date this data becomes associated with an individual ...
0
votes
0
answers
36
views
Is a third party which solicits and accepts personal data from a customer on another’s behalf a processor or a controller?
Alice contracts with ACME insurance which sends her to their identity verification solution provider’s app/website (BCME KYC SOLUTIONS Inc). BCME’s portal asks Alice for photos of herself and other ...
1
vote
1
answer
75
views
Can either side of a GDPR SAR require the other to agree to ToS during the identification process?
I shall use a real situation that happened to me, but this is just to demonstrate my point. I am definitely not going to do anything about it. This is a purely theoretical question, I am not ...
0
votes
1
answer
100
views
Is "gossip surveillance" processing personal data under the GDPR?
The Guardian has an article on "gossip surveillance" where strangers report on social media private conversations they are not party to in the hope of exposing duplicity from the speakers in ...
2
votes
2
answers
176
views
Is it legal/appropriate to email a GDPR SAR to the executive team if that is the only email address the company provides?
This is prompted by this question but I am fairly sure I do not have the correct answer so I am making this one.
My personal answer to "How do I get my data from company X under GDPR" is to ...
1
vote
2
answers
199
views
What are an employed/contracted software developer's responsibilities under the GDPR?
This is prompted by this question but that is rather complicated by the technical details. Suppose the following hypothetical:
Alice is a software developer for Bob Inc. perhaps as a normal employee, ...
3
votes
1
answer
98
views
Can one person's genetic information be another persons personal information?
In the UK GDPR ‘personal data’ is defined as:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one ...
8
votes
1
answer
3k
views
Does GDPR apply when PII is already publicly available?
Pretend there is a website, it might be free to access, or be a paid per search service, where the users get access to summarised information on the people that they search for.
All of the information ...
4
votes
1
answer
546
views
What does "Household Exception" to the GDPR mean?
GDPR Section 2 Recital 18 (?) reads:
Not Applicable to Personal or Household Activities
This Regulation does not apply to the processing of personal data by a natural person in the course of a purely ...
0
votes
1
answer
43
views
To what extent was the Equality Act 2010 shaped by or did it “implement” legal provisions of the EU?
The DPA 2018 was passed pursuant to the EU GDPR to achieve uniformity across the EU in relation to matters of personal data. The unfair contract term regulations too were passed to implement EU ...
0
votes
1
answer
54
views
Do anti discrimination laws bind overseas service providers when the victims of their discrimination are in the jurisdiction of the law?
Bob lives in Birmingham or perhaps Madrid. He joins an online club operated by an overseas entity based in Peru, or perhaps Chicago.
They incidentally find out that he is black and promptly cancel his ...
12
votes
3
answers
4k
views
Do EU or UK consumers enjoy consumer rights protections from traders that serve them from abroad?
Bob lives in Manchester, or alternatively in Lyon. He purchases a product or service from a vendor in the USA, or perhaps Timbuktu.
Do European or British consumer rights legislations bind the ...
1
vote
1
answer
89
views
Do any other consumer rights laws have extraterritorial applicability to international organisations that cater to British or European customers?
The GDPR purports to bind any organisation, wheresoever it may be based, that serves individuals based in the EU, or (as the case may be) the UK.
The GDPR governs the obligations of organisations and ...
3
votes
2
answers
1k
views
What is the U.K. GDPR?
I understand that the DPA implemented the GDPR in British law as an act of Parliament. Then there was Brexit, and the U.K. GDPR was introduced to stand in for the no longer binding EU GDPR, with only ...
5
votes
1
answer
95
views
Under what conditions are 3rd party works automatically subject to the OGL 1.0a?
Are 3rd party creations that are "compatible with" D&D automatically subject to the OGL (OGL 1.0a for the purposes of all references in this question), or can they be published without ...
2
votes
1
answer
474
views
Do contracts require pages or clauses numbered?
A question asked by another member about missing pages in a lease brings to my mind the question of whether there is a legal requirement for contract pages to be numbered so that it is e.g. obvious ...
-1
votes
2
answers
1k
views
Can someone be prosecuted posthumously?
Can someone be prosecuted posthumously in the British or EU courts for alleged sexual offences committed many centuries ago?
1
vote
1
answer
151
views
Is selling program / liking bot legal?
Would it be legal to sell a program / bot that log into a website account and like others posts? Is it legal on the assumption that user is responsible for use of that program (getting ban is his ...
1
vote
1
answer
286
views
What exactly triggers the GDPR Article 14?
Article 14 of the GDPR concerns the requirement for a data controller to inform the data subject when they obtain personal data has been obtained from an entity that is not the data subject:
Art. 14 ...
10
votes
4
answers
5k
views
Is there a way to determine if an email address is personal information?
The GDPR defines personal data as:
Personal data is information that relates to an identified or identifiable individual.
My understanding is that this means that [email protected] is ...
1
vote
1
answer
103
views
Is satelite data personal data?
It is in the news that artificial intelligence (AI) has been applied to aerial photography to identify homeowners who have made unauthorised additions of swimming pools to their properties in France. ...
1
vote
1
answer
35
views
Responsabilities on data breaches UK Data Protection Act
Following a question from THIS StackExchange about Data Protection Act application in the UK, there is an aspect about "proactivity" and "responsabilities" that I do not fully ...
0
votes
1
answer
59
views
Does the UK have a (enforcable) law linked with the Data Protection Act to control document's metadata?
Reading the information on the ICO's website, I came across a few items mentioning how to handle metadata on my organization's workflow like THIS or THIS.
I noticed they use expressions like "...
5
votes
0
answers
44
views
Pension rights post Brexit
In the EU, if you worked in another member state for a period of time, that period will add to the minimum amount of time you need to work to be able to claim pension from another member state (with ...
1
vote
2
answers
106
views
If I sell an item to someone in another country, whose laws apply?
If I sell a large item (example car/caravan/boat) from the UK in a private deal to a person in a country in the EU, which countries laws (apply in the event of a dispute)?
0
votes
2
answers
55
views
If you recieve others PII as part of the response to a GDPR SAR do you become a data controller?
Say Alice makes a GDPR Subject Access Request of a data controller, and in response receives some of Bob's Personally Identifiable Information, does the Alice then become a data controller with ...
1
vote
2
answers
196
views
Is it legal in Spain/Europe to retain an employee until a replacement is found?
When an employee sends his resignation letter, is it legal to retain that employee indefinitely until a replacement is found? Is it legal to claim damages if he leaves?
This is for Spanish law and ...
0
votes
1
answer
36
views
Is it possible to receive VAT refunds for products bought within last 6 months before leaving UK from stores not specifically enrolled in scheme?
Edit: as pointed out by xngtng, this is no longer in operation and was scrapped a couple of years ago.
Suppose one buys something from a shop that doesn't specifically partake in the vat refund scheme....
1
vote
2
answers
63
views
Limits of automated decision making WRT workplace surveys
As part of the GDPR, if personal data is used for automated decision making a number of rules apply, particularly regarding consent and access to data.
A number of companies offer workplace surveys, ...
10
votes
2
answers
3k
views
Can I store the names of arbitrary business associates in my CRM system?
I'm running an agency and I would like to store the names of employees of my client's companies to help me build client relationships.
For example, "Gina works on reception."
Is this allowed ...
-3
votes
1
answer
205
views
Does a company’s T&C or their house rules supersede law and is asking private health status (including the request to wear a mask) an offence?
In January 2022 I used an airline to fly from UK to Spain. As soon as I boarded, I made myself comfortable and ready to sleep as I had no opportunity to do so the night before. I took my mask off as I ...
1
vote
1
answer
99
views
Does the GDPR apply to reference managers?
Reference managers are software products that record the details of scientific papers that one interacts with. All academics and many others use them as a crucial tool of their work. Common examples ...
2
votes
1
answer
185
views
Does the GDPR cover reference to court proceedings?
On this site many good answers are referenced by real court cases, usually in the form Surname vs. Surname [date] <link to further details>. There also exist documents (example is US so as not ...
38
votes
3
answers
6k
views
Legality of penalising Russian Oligarchs
What is the legal basis for penalising individual Russian Oligarchs?
Having ill-gotten wealth and dubious friends is hardly unique to Russia, and whilst I can understand with the desire of the Western ...
1
vote
1
answer
54
views
What references are available for the GDPR legitimate interests balancing test?
A basis for the processing of personally identifiable data (PII) is legitimate interest. According to the UK ICO data controllers who rely on this basis should conduct a legitimate interests ...
0
votes
1
answer
92
views
Create a company to manage my personal domain name
I own a domain name that has the format last-name.com, that is used primarily for personalised email addresses for my family. At the moment, I am the legal owner of the domain name and the ...