Tuesday, 26 February 2019 01:19PM / By Oserogho & Associates
Reliance on internet electronic communication continues to increase. With its numerous benefits also come risks that legislation needs to address, and stay ahead of wherever possible. This is particularly so as Data Harvesting and Processing, especially Big Data in the social media sphere, are now very lucrative businesses, both legitimate and illegitimate.
The European Union (“EU”) General Data Protection Regulation (“GDPR”) is arguably now the world’s most up-to-date legislation on Data Confidentiality, Privacy and Protection for EU Resident Data Users or Subjects. Good examples of the far-reaching effect of the GDPR are the data breach fines imposed on Google by France, and the ongoing data breach investigations by the EU into Facebook and some Android companies.
Organisations that have access to, and/or process, the electronic data of EU Residents (and non-EU residents) must therefore pay more attention to the new, salient and special provisions of the GDPR, some of which are highlighted in this newsletter; most of this material is sourced from the 400+ pages ….
Key EU Data Protection Provisions
A key, fundamental objective of the EU GDPR is not only the protection and safeguarding of EU Resident Data Users’ rights to privacy but also their rights to the confidentiality of their personal data. Both of these rights are now fundamental human rights under EU Law.
Electronic data processed by automated and non-automated means are also now protected under the GDPR. With only statutory exceptions allowed, underlying the GDPR is the unequivocal consent of the Data User or Data Subject on how his or her personal data is collected, processed, protected and disseminated.
The Data User is also granted the unfettered right to freely withdraw his or her consent as to the use of his or her personal data provided the GDPR principles on the lawfulness, fairness and transparency of how the data is managed are adhered to.
Personal Data Breaches, whether accidental or otherwise, must be addressed by the Controllers, Processors and Data Protection Officers in a timely and appropriate manner, with these parties notifying the completely Independent Statutory Data Supervisory Authority of any material Data Breach within Seventy-Two (72) hours of such a data breach.
The Data User is also required to be immediately notified if the data breach is likely to cause high privacy and confidentiality risks to such a Data User or Users. In more severe cases, a public communication of the data breach and the measures to rectify such breach is required.
Remedies, Reliefs, Compensation and Fines
Some of the initial remedies that Data Subjects or Users have when their Data Rights are infringed include lodging a Complaint with the Data Controllers and Processors, seeking any or all of the following reliefs: Data Rectification, Data Erasure, Portability of the User’s Data, etc. This remedial assistance is to be provided without any charge, cost or fee to the Data Subject or User.
Where resort to the Data Controller or Processor does not rectify the data breach, the Data Subject has the further right to resort to the Supervisory Independent Data Regulatory Authority in his or her EU country before a further resort to judicial remedies for material and non-material damages is explored. Additional remedies of full and effective compensation for the data breach or breaches are available from the Supervisory Data Regulatory Authority.
The Supervisory Data Regulatory Authority has, in addition to the corrective powers enumerated above, the additional power to impose administrative fines for any GDPR infringement up to €20,000,000 (Twenty Million Euros). Where the infringement is by an undertaking venture, the higher of the latter sum or 4% of the undertaking venture’s total worldwide annual turnover will be imposed for the data infringement.
Data Protection and National Security
To balance individual data rights with national security and public safety, with Police and Criminal Justice administration as examples, the processing of generic and other criminal administration data by public justice authorities is permitted subject to the data protection regulations in the GDPR and the Budapest Convention on Cybercrime. Underlying this exception is the principle that there must be substantial public interest to be protected, which interest is provided for by Law.
Bilateral Personal Data Protection Agreements also exist between the EU and, among other countries, the United States law enforcement agencies.
Consequences of Data Breaches, especially to individuals, could be severe; from Identity Theft to Fraud and other Financial Losses; infringement of an individual’s rights to privacy and confidentiality which could lead to Defamation; Copyright Infringement; Child Pornography; unlawful hacking and surveillance; etc.
Enhancing Rudimentary Public Enlightenment on the importance of Data Protection is therefore an essential modern day requirement when using the internet.
This is a free educational material. It does not serve as a source of solicitation, advertisement or the offering of legal services or advice of any kind. No Client/Attorney relationship is therefore created. Readers are strongly advised to always seek competent legal counseling, specific to their factual situation, from qualified Legal Practitioners.
Intellectual Property Protected!
This material is protected by International Intellectual Property Laws and Regulations. This material can therefore only be reproduced or re-distributed for non-profit educational purposes under the strict condition that our Authorship of this material is explicitly acknowledged, and our above Disclaimer Notice is prominently displayed.