All Questions
Tagged with united-kingdom gdpr
114
questions
1
vote
0
answers
43
views
How specific does the information need to be relating to personal information transfer between data controllers?
When personal information is transferred between data controllers the GDPR imposses certain requirements. Among these are information that must be provided to the data subject. As I understand it ...
1
vote
1
answer
137
views
Can computer performance metrics be personal data?
ScorecardResearch is a major data collection organisation that serves code onto some major UK web sites. Their privacy policy mentions a lot of tracking, including "hardware or device ...
3
votes
0
answers
43
views
Does there exist an example of meaningful information about an automated individual decision-making algorithm?
The GDPR Article 14 includes provisions for the data subject to have meaningful information about an automated individual decision-making algorithm that which produces legal effects concerning him or ...
0
votes
0
answers
57
views
Does the GDPR right to deletion in Art. 17 effectively include some "disproportionate effort" exception?
Some provisions of the GDPR have explicit exceptions about "disproportionate effort". Particularly relevant is the one in Article 19:
The controller shall communicate any rectification or ...
1
vote
1
answer
85
views
What exactly is a decision wrt. GDPR Automated individual decision-making?
The GDPR Article 22 provides rights relating to automated individual decision-making, including profiling. It starts:
The data subject shall have the right not to be subject to a decision based ...
5
votes
2
answers
166
views
How do Wi-Fi Positioning Systems interact with the GDPR?
There is a paper (described in the news) that details how to use Apple's Wi-Fi Positioning System (WPS) facilitates mass surveillance, even of those not using Apple devices. The system is described ...
0
votes
0
answers
25
views
Would a GDPR SAR cover the evidence an online company would be expected to provide to enforce a contractual debt?
It is in the news that HelloFresh is accused of charging people for deliveries they did not request, and said they would "send a third-party debt collector round" in the case of non-payment. ...
4
votes
1
answer
113
views
What happens when data that was not personal information become personal information?
Supposed there is some data that is not associated with an individual. This data is processed by a company and distributed on the web. At a later date this data becomes associated with an individual ...
0
votes
0
answers
36
views
Is a third party which solicits and accepts personal data from a customer on another’s behalf a processor or a controller?
Alice contracts with ACME insurance which sends her to their identity verification solution provider’s app/website (BCME KYC SOLUTIONS Inc). BCME’s portal asks Alice for photos of herself and other ...
1
vote
1
answer
75
views
Can either side of a GDPR SAR require the other to agree to ToS during the identification process?
I shall use a real situation that happened to me, but this is just to demonstrate my point. I am definitely not going to do anything about it. This is a purely theoretical question, I am not ...
0
votes
1
answer
97
views
Is "gossip surveillance" processing personal data under the GDPR?
The Guardian has an article on "gossip surveillance" where strangers report on social media private conversations they are not party to in the hope of exposing duplicity from the speakers in ...
2
votes
2
answers
176
views
Is it legal/appropriate to email a GDPR SAR to the executive team if that is the only email address the company provides?
This is prompted by this question but I am fairly sure I do not have the correct answer so I am making this one.
My personal answer to "How do I get my data from company X under GDPR" is to ...
-2
votes
1
answer
119
views
Are deleted comments left by U.K. based users retained and subject to subject access under U.K. GDPR?
Meet Bob; Bob left some comments on a post on stack exchange and some over zealous moderators decided that they were not needed and so to delete them. Bob wishes to access these comments for the ...
1
vote
2
answers
198
views
What are an employed/contracted software developer's responsibilities under the GDPR?
This is prompted by this question but that is rather complicated by the technical details. Suppose the following hypothetical:
Alice is a software developer for Bob Inc. perhaps as a normal employee, ...
3
votes
1
answer
97
views
Can one person's genetic information be another persons personal information?
In the UK GDPR ‘personal data’ is defined as:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one ...