- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Wed, 17 Oct 2018 08:58:42 -0700
- To: Axel Polleres <axel.polleres@wu.ac.at>, Sabrina Kirrane <sabrina.kirrane@wu.ac.at>
- Cc: public-dpvcg@w3.org
Hi Axel, Sabrina. I agree that we should also have a taxonomy of "legal basis" for processing. From the text of GDPR Sabrina shared earlier, I have the following legal basis listed in GDPRtEXT: * Contract with Data Subject * Exempted by National Law * Employment Law * Given Consent * Historic, Statistical, or Scientific Purposes * Legal claims * Legal obligation * Legitimate Interest * Made public by Data Subject * Medical, Diagnostic, or Treatement * Not for Profit Org. * Public Interest * Purpose of New Processing * Vital Interest I propose we start with this (and the text from GDPR) as our starting point for discussion. Best, Harsh On 17/10/18 8:35 AM, Axel Polleres wrote: > Dear all, > > I agree that we would need then not only to talk about consent but in > general a categorisation or "taxonomy" of "justification for processing" > or alike (using these as top-level categories), right? > > best regards, > Axel > -- > Prof. Dr. Axel Polleres > Institute for Information Business, WU Vienna > url: http://www.polleres.net/ twitter: @AxelPolleres > >> On 17.10.2018, at 17:19, Sabrina Kirrane <sabrina.kirrane@wu.ac.at >> <mailto:sabrina.kirrane@wu.ac.at>> wrote: >> >> Hi Axel & all, >> >> As a followup to Rigo's comment yesterday on other lawful means of >> processing, here is the relevant text from the GDPR: >> >> 1.Processing shall be lawful only if and to the extent that at least one >> of the following applies: >> >> (a) the data subject has given consent to the processing of his or her >> personal data for one or more specific purposes; >> >> (b) processing is necessary for the performance of a contract to which >> the data subject is party or in order to take steps at the request of >> the data subject prior to entering into a contract; >> >> (c) processing is necessary for compliance with a legal obligation to >> which the controller is subject; >> >> (d) processing is necessary in order to protect the vital interests of >> the data subject or of another natural person; >> >> (e) processing is necessary for the performance of a task carried out in >> the public interest or in the exercise of official authority vested in >> the controller; >> >> (f) processing is necessary for the purposes of the legitimate interests >> pursued by the controller or by a third party, except where such >> interests are overridden by the interests or fundamental rights and >> freedoms of the data subject which require protection of personal data, >> in particular where the data subject is a child. >> >> Point (f) of the first subparagraph shall not apply to processing >> carried out by public authorities in the performance of their tasks. >> >> Best Regards, >> Sabrina >> >> -- >> Postdoctoral researcher, >> Institute for Information Business >> Vienna University of Economics and Business >> Tel: +43-1-31336-4494 >> E-mail: sabrina.kirrane [at] wu.ac.at <http://wu.ac.at> >> Homepage: www.sabrinakirrane.com <http://www.sabrinakirrane.com> > -- --- Harshvardhan J. Pandit PhD Researcher ADAPT Centre, Trinity College Dublin https://harshp.com/
Received on Wednesday, 17 October 2018 15:59:09 UTC