Page History
...
Tip | ||
---|---|---|
| ||
Apologies: Janis Karklins Alternates: none |
Note |
---|
Notes/ Action Items Action Items
2. Volker and Brian to edit the Question 4 to clarify use of pronouns and whose legal basis is being referred to. (For the question to be included in Batch 1, the updates will need to be circulated by 15:00 UTC on Wednesday, 28 August. 3. Support Staff to reference safeguards within Question 11 (please see italicized text). 4. Thomas, Volker, Brian and Margie to work together on refining Question 11. Legal Committee to review updated text during the next call. 5. Margie to review the 6(1)(b) memo and reword Question 12/13 to add more specificity (in response to feedback from the plenary team). 6. Support Staff to create a Google Doc for additional legal questions that come up in discussions. 7. Hadia and Tara to provide draft language for a question regarding automated decision making. Following receipt of the advice for the first batch of questions, the Legal Committee will assess whether this question is necessary.
a) Substantive review of SSAD questions (beginning where LC left off last week)
Consider a System for Standardized Access/Disclosure where:
Further, assume the following safeguards are in place
Footnote 1: “Here it is important to highlight the special role that safeguards may play in reducing the undue impact on the data subjects, and thereby changing the balance of rights and interests to the extent that the data controller’s legitimate interests will not be overridden.“ (https://iapp.org/media/pdf/resource_center/wp217_legitimate-interests_04-2014.pdf [iapp.org]) Notes from Meeting:
Notes from Meeting:
For purposes of this question, please assume the following safeguards are in place:
Footnote 1: SSAC defines “security practitioners” in SSAC 101 as those who have a responsibility to perform specific types of functions (as specified in Section 3) related to the identification and mitigation of malicious activity, and the correction of problems that negatively affect services and users online.
Notes from Meeting
Notes from Meeting:
Note: awaiting updated text from Brian/Georgios
[1] “Here it is important to highlight the special role that safeguards may play in reducing the undue impact on the data subjects, and thereby changing the balance of rights and interests to the extent that the data controller’s legitimate interests will not be overridden.“ (https://iapp.org/media/pdf/resource_center/wp217_legitimate-interests_04-2014.pdf) [2] https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/what-data-controller-or-data-processor_en b) Agree on next steps 3. Wrap and confirm next meeting to be scheduled a) Confirm action items b) The next LC Meeting will take place on Tuesday, 3 September at 14:00 UTC __________________ Batch 1
Further, assume the following safeguards are in place
Footnote 1: “Here it is important to highlight the special role that safeguards may play in reducing the undue impact on the data subjects, and thereby changing the balance of rights and interests to the extent that the data controller’s legitimate interests will not be overridden.“ (https://iapp.org/media/pdf/resource_center/wp217_legitimate-interests_04-2014.pdf [iapp.org])
In addition, if it is not possible to automate any of these steps, please provide any guidance for how to perform the balancing test under Article 6(1)(f). For reference, please refer to the following potential safeguards:
o represents that it has a lawful basis for requesting and processing the data, o provides its lawful basis, o represents that it is requesting only the data necessary for its purpose, o agrees to process the data in accordance with GDPR, and o agrees to standard contractual clauses for the data transfer.
|