- From: Bud P. Bruegger <uld613@datenschutzzentrum.de>
- Date: Tue, 19 Dec 2023 14:14:22 +0100
- To: public-dpvcg@w3.org
hi there, for what it's worth: On 19.12.2023 13:38, Georg Philip Krog wrote: .. > 2. > We do not have principles in DPV, not in DPV-GDPR. We should add them if > they are needed. They are needed for DPIAS like this. > > Assessment of compliance with the fundamental privacy principles: > .. > > Resources: > https://www.dataprotection.ie/.. In case you add principles, the source would be Art. 5 GDPR https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679#d1e1797-1-1 > 4. > Under contract legal basis I propose "Agreement with Data Subject" Art. 6(1)(b) GDPR uses the wording "processing is necessary for the performance of a contract to which the data subject is party..." "Agreement with Data Subject" may give another impression. Like "the data subject agreed to my processing". That interpretation would rather be consent (i.e., Art. 6(1)(a) GDPR)). cheers -b -- Bud P. Bruegger, Dipl.-Ing. (ETH), Ph.D. (University of Maine) ULD613@datenschutzzentrum.de, +49 431 988-1217 Research Department, Unabhaengiges Landeszentrum fuer Datenschutz (ULD) Holstenstraße 98, 24103 Kiel, https://www.datenschutzzentrum.de/ ULD is the office of the Data Protection Supervisory Authority of Schleswig-Holstein. Information about the processing of personal data by and the encryption of e-mail messages for ULD can be found at https://datenschutzzentrum.de/datenschutz/ Except where explicitly stated otherwise, views and opinions expressed in this message may deviate from the official policy or position of the Data Protection Supervisory Authority of Schleswig-Holstein.
Received on Tuesday, 19 December 2023 13:14:38 UTC