https://gdprhub.eu/api.php?hidebots=1&urlversion=1&days=7&limit=50&target=Article_28_GDPR&action=feedrecentchanges&feedformat=atomGDPRhub - Changes related to "Article 28 GDPR" [en]2024-03-28T11:39:33ZRelated changesMediaWiki 1.39.6https://gdprhub.eu/index.php?title=Article_5_GDPR&diff=40605&oldid=40378Article 5 GDPR2024-03-27T14:57:33Z<p><span dir="auto"><span class="autocomment">(c) Data minimisation</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 14:57, 27 March 2024</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l296">Line 296:</td>
<td colspan="2" class="diff-lineno">Line 296:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><u>Case Law:</u> In [<del style="font-weight: bold; text-decoration: none;">[C-708</del>/<del style="font-weight: bold; text-decoration: none;">18 - TK v Asociaţia de Proprietari bloc M5A-ScaraA|</del>C-708/18 - ''TK v Asociaţia de Proprietari bloc M5A-ScaraA''<del style="font-weight: bold; text-decoration: none;">]</del>] the CJEU had to provide guidance on how to assess whether processing (in that case, a video surveillance system) could be considered "''necessary''" for the purpose of the legitimate interests pursued by the controller. The Court held that the necessity of a processing operation must be examined in conjunction with the data minimisation principle which restricts the controller's options to those "''adequate, relevant and not excessive in relation to the purposes for which they are collected''". In conclusion, the Court clarified that the controller must, amongst other things, examine "''whether it is sufficient that the video surveillance operates only at night or outside normal working hours, and block or obscure the images taken in areas where surveillance is unnecessary''".<ref>CJEU, Case C-708/18, ''TK v Asociaţia de Proprietari bloc M5A-ScaraA'', 11 December 2019 (rectified 13 February 2020), margin number 51 (available [https://curia.europa.eu/juris/document/document.jsf;jsessionid=4A9F71BCDFB6F507CC5D0302FA1AE329?text=&docid=221465&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=35786932 here]).</ref></blockquote></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><u>Case Law:</u> In [<ins style="font-weight: bold; text-decoration: none;">https://curia.europa.eu/juris/document</ins>/<ins style="font-weight: bold; text-decoration: none;">document.jsf;jsessionid=29A1F14E051DDCFB0F51D3C4070F4564?text=&docid=221465&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=6835843 </ins>C-708/18 - ''TK v Asociaţia de Proprietari bloc M5A-ScaraA''] the CJEU had to provide guidance on how to assess whether processing (in that case, a video surveillance system) could be considered "''necessary''" for the purpose of the legitimate interests pursued by the controller. The Court held that the necessity of a processing operation must be examined in conjunction with the data minimisation principle which restricts the controller's options to those "''adequate, relevant and not excessive in relation to the purposes for which they are collected''". In conclusion, the Court clarified that the controller must, amongst other things, examine "''whether it is sufficient that the video surveillance operates only at night or outside normal working hours, and block or obscure the images taken in areas where surveillance is unnecessary''".<ref>CJEU, Case C-708/18, ''TK v Asociaţia de Proprietari bloc M5A-ScaraA'', 11 December 2019 (rectified 13 February 2020), margin number 51 (available [https://curia.europa.eu/juris/document/document.jsf;jsessionid=4A9F71BCDFB6F507CC5D0302FA1AE329?text=&docid=221465&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=35786932 here]).</ref></blockquote></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The principle of data minimisation does however not mean that any processing of large data quantities is always illegal. If the use of larger quantities of personal data is the only way to achieve a purpose, a controller may use any 'necessary' data.<ref>''Herbst'', in Kühling/Buchner, DS-GVO BDSG, Article 5 GDPR, margin number 56 (C.H. Beck 2020)</ref> </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The principle of data minimisation does however not mean that any processing of large data quantities is always illegal. If the use of larger quantities of personal data is the only way to achieve a purpose, a controller may use any 'necessary' data.<ref>''Herbst'', in Kühling/Buchner, DS-GVO BDSG, Article 5 GDPR, margin number 56 (C.H. Beck 2020)</ref> </div></td></tr>
<!-- diff cache key gdprwiki:diff::1.12:old-40378:rev-40605 -->
</table>Imhttps://gdprhub.eu/index.php?title=Article_89_GDPR&diff=40490&oldid=32010Article 89 GDPR2024-03-21T13:44:22Z<p>Pinpointing rendering error</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 13:44, 21 March 2024</td>
</tr><tr><td colspan="4" class="diff-multi" lang="en">(One intermediate revision by the same user not shown)</td></tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l185">Line 185:</td>
<td colspan="2" class="diff-lineno">Line 185:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Legal Text ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Legal Text ==</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"><br /></del><center>'''Article 89 - Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes'''</center></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><center>'''Article 89 - Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes'''</center></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><span id="1">1. Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organisational measures are in place in particular in order to ensure respect for the principle of data minimisation. Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.</span></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><span id="1">1. Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organisational measures are in place in particular in order to ensure respect for the principle of data minimisation. Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.</span></div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l202">Line 202:</td>
<td colspan="2" class="diff-lineno">Line 202:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Article 89 GDPR regulates the processing of personal data for four distinct purposes: (i) archiving in the public interest, (ii) scientific research, (iii) historical research and (iv) statistical purposes. In many instances, collecting large quantities of personal data is a key component, if not a prerequisite, for achieving such purposes. For example, clinical trials or political polls are both based on the large-scale collection and analysis of sensitive personal data. Because of the broad scope of such processing operations, as well as the risks they entail, the EU legislator has introduced specific safeguards in Article 89(1) GDPR to protect the rights and freedoms of data subjects. At the same time, overburdening controllers with legal obligations may ultimately impede research, or even defeat the very purpose of the processing. This, in turn, may become detrimental for society, as many societal advances are based on archiving systems, scientific and historical research, or statistical studies. Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Article 89 GDPR regulates the processing of personal data for four distinct purposes: (i) archiving in the public interest, (ii) scientific research, (iii) historical research and (iv) statistical purposes. In many instances, collecting large quantities of personal data is a key component, if not a prerequisite, for achieving such purposes. For example, clinical trials or political polls are both based on the large-scale collection and analysis of sensitive personal data. Because of the broad scope of such processing operations, as well as the risks they entail, the EU legislator has introduced specific safeguards in Article 89(1) GDPR to protect the rights and freedoms of data subjects. At the same time, overburdening controllers with legal obligations may ultimately impede research, or even defeat the very purpose of the processing. This, in turn, may become detrimental for society, as many societal advances are based on archiving systems, scientific and historical research, or statistical studies. Hence, Article 89(2) and (3) GDPR also allow for specific derogation to the GDPR for these purposes, as further detailed below. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>=== (1) Mandatory Appropriate Safeguards for Archiving Purposes in the Public Interest, Scientific or Historical Research Purposes, <del style="font-weight: bold; text-decoration: none;">or Statistical Purposes </del>===</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>=== (1) Mandatory Appropriate Safeguards for Archiving Purposes in the Public Interest, Scientific or Historical Research Purposes,<ins style="font-weight: bold; text-decoration: none;">... </ins>===</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Article 89(1) GDPR provides that when processing operations take place for (i) archiving in the public interest, (ii) scientific or historical research or (iii) statistical purposes, appropriate safeguards for the rights and freedoms of the data subject must be implemented. After defining each of these purposes, the safeguards that controllers must be in place will be discussed. </div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Article 89(1) GDPR provides that when processing operations take place for (i) archiving in the public interest, (ii) scientific or historical research or (iii) statistical purposes, appropriate safeguards for the rights and freedoms of the data subject must be implemented. After defining each of these purposes, the safeguards that controllers must be in place will be discussed. </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===== Archiving Purposes in the Public Interest =====</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>===== Archiving Purposes in the Public Interest =====</div></td></tr>
<!-- diff cache key gdprwiki:diff::1.12:old-32010:rev-40490 -->
</table>Sfl