Right to be forgotten service Data protection plays a more important role every day in our increasingly digitize world. With the new General Data Protection Regulation ( GDPR ), the European Union has significantly strengthened your rights with regard to the careful handling of your personal data.
What is the GDPR?
The GDPR ( General Data Protection Regulation or GDPR for short ) is an EU regulation that came into force on May 25, 2018. The EU-wide uniform regulation of data protection should continue to make the legal situation clearer for citizens and companies and reduce bureaucracy.
The GDPR largely replaces previous national law on data protection, such as the German BDSG (in individual aspects, however, it allows the member states to individually structure their national laws). As an EU regulation, it is directly applicable law in all EU member states without them having to implement it in national law.
Data subject rights
The GDPR recognizes the fundamental right of individuals to the protection of their personal data (as set out in Article 8(1) of the Charter of Fundamental Rights of the European Union ). This right should be reconcile with a world that has long since become reality, in which data exchange and process play an increasingly important role in the everyday life of everyone and offer us advantage that we can no longer imagine without:
Rapid technological developments and globalization have presented data protection with new challenges. The scale of collection and exchange of personal data has increased impressively. […] Increasingly, natural persons are also making information publicly available worldwide. Technology has changed economic and social life and should further facilitate the movement of personal data within the Union and the transfer of data to third countries and international.
– Recital 6 to the GDPR
In order to achieve this tightrope walk, high demands are place on the collection and process of personal data and the data subject are guaranty extensive rights vis-à-vis those responsible.
Many of the rights (e.g. the right to self-disclosure) also existed in Germany in the previous legislation. However, the GDPR extends the rights and, above all, clearly implements them throughout the EU.
Right to information
Body that want to process your right to be forgotten help personal data have a comprehensive obligation to provide information. These obligation are specifically regulate in Art. 12 and 13 GDPR. For example the person responsible must not only provide you with the name and contact detail of the body. Responsible for process but also the purpose for which your data are to be process. The duration of storage to which recipient they are forward and whether. There is an intention to transmit them to a third country (Art. 13 Para. 1, 2 GDPR).
This information must be made available to you immediately when the data is collect. This ensures fair and transparent processing. In which you can make an informed decision yourself as to whether you consent to the processing.
Right of providing information
Another important right is the right to information , which is regulate in Article 15 GDPR. First of all it allow you to request confirmation from company and other organization. As to whether personal data about you is store. If this is the case, you can request a free copy of your stored data (Art. 15 Para. 3 GDPR).
In addition however you can also request a wide range of information with regard to the processing of your data (Art. 15 Para. 1, 2 DSGVO). These include:
The purposes of processing,
The categories of data being process.
The recipients to whom your data or will be forward.
The duration for which your data should be store.
The origin of the data if they were not collect directly from the person responsible,
if scoring takes place: the values calculated for you and meaningful information about the logic behind it,
if your data is forward to a third country: how it is ensure that your right are also protect.
Right to data portability
The right to data portability did not previously exist; it is newly introduce by Art. 20 GDPR. It should enable you to “receive your data in a structured. Common and machine-readable format” and “to transmit this data to another person responsible […]” (Article 20 (1) GDPR).
This right is aim in particular at user of social network and cloud service. So far the provider have often use proprietary system in their own interest. That have not made it possible to move to another platform. This should be stop in order to give you more freedom. In choose the platform that suit you, but also to prevent monopoly.
As the right to data portability is still very new. There are very few detail on how it will be implement in practice. However some providers such as Facebook and Google are already providing the first solutions. In the form of online tools, which you can use to download your data for example in JSON format. It will be exciting to see how this situation develops in gdpr case studies.