All Questions
43
questions
1
vote
0
answers
64
views
Is it GDPR compliant to require registration to access a privacy policy?
There is currently an issue with Windows operating systems, reputed to be related to Falcon Sensor from CrowdStrike. From the description of their tool, the question of GDPR compliance can be asked ...
6
votes
1
answer
2k
views
Is deciding to use google fonts the sort of decision that makes an entity a controller rather than a processor?
In ensuring GDPR compliance determining which entities are data controllers and which data processors is a critical step. The UK government says:
The UK GDPR defines a controller as:
the natural or ...
0
votes
0
answers
19
views
Does the transfer occurring under Article 45, 46 or 49 affect the Right of Access under Article 15.2?
Transfer of personal data from the UK to the US can, at least in theory, occur under Articles 45, 46 and 49. These all have different requirements.
Article 15 of the GDPR the Right of access includes ...
0
votes
0
answers
22
views
What does being "informed of the appropriate safeguards pursuant to Article 46" mean?
Article 15 of the GDPR the Right of access includes section 2:
Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be ...
1
vote
0
answers
45
views
How specific does the information need to be relating to personal information transfer between data controllers?
When personal information is transferred between data controllers the GDPR imposses certain requirements. Among these are information that must be provided to the data subject. As I understand it ...
1
vote
1
answer
139
views
Can computer performance metrics be personal data?
ScorecardResearch is a major data collection organisation that serves code onto some major UK web sites. Their privacy policy mentions a lot of tracking, including "hardware or device ...
3
votes
0
answers
44
views
Does there exist an example of meaningful information about an automated individual decision-making algorithm?
The GDPR Article 14 includes provisions for the data subject to have meaningful information about an automated individual decision-making algorithm that which produces legal effects concerning him or ...
0
votes
0
answers
58
views
Does the GDPR right to deletion in Art. 17 effectively include some "disproportionate effort" exception?
Some provisions of the GDPR have explicit exceptions about "disproportionate effort". Particularly relevant is the one in Article 19:
The controller shall communicate any rectification or ...
1
vote
1
answer
89
views
What exactly is a decision wrt. GDPR Automated individual decision-making?
The GDPR Article 22 provides rights relating to automated individual decision-making, including profiling. It starts:
The data subject shall have the right not to be subject to a decision based ...
5
votes
2
answers
167
views
How do Wi-Fi Positioning Systems interact with the GDPR?
There is a paper (described in the news) that details how to use Apple's Wi-Fi Positioning System (WPS) facilitates mass surveillance, even of those not using Apple devices. The system is described ...
4
votes
1
answer
113
views
What happens when data that was not personal information become personal information?
Supposed there is some data that is not associated with an individual. This data is processed by a company and distributed on the web. At a later date this data becomes associated with an individual ...
0
votes
0
answers
36
views
Is a third party which solicits and accepts personal data from a customer on another’s behalf a processor or a controller?
Alice contracts with ACME insurance which sends her to their identity verification solution provider’s app/website (BCME KYC SOLUTIONS Inc). BCME’s portal asks Alice for photos of herself and other ...
1
vote
1
answer
75
views
Can either side of a GDPR SAR require the other to agree to ToS during the identification process?
I shall use a real situation that happened to me, but this is just to demonstrate my point. I am definitely not going to do anything about it. This is a purely theoretical question, I am not ...
0
votes
1
answer
100
views
Is "gossip surveillance" processing personal data under the GDPR?
The Guardian has an article on "gossip surveillance" where strangers report on social media private conversations they are not party to in the hope of exposing duplicity from the speakers in ...
2
votes
2
answers
176
views
Is it legal/appropriate to email a GDPR SAR to the executive team if that is the only email address the company provides?
This is prompted by this question but I am fairly sure I do not have the correct answer so I am making this one.
My personal answer to "How do I get my data from company X under GDPR" is to ...