Page History
...
Tip | ||
---|---|---|
| ||
Apologies: Tatiana Tropina Alternates: Stephanie Perrin |
Note |
---|
Notes/ Action Items Action Items
Notes
a) Substantive review of SSAD questions (beginning where LC left off last week)
Updated Merged Questions 2 and 5: Consider a System for Standardized Access/Disclosure where contracted parties “CPs” are required to disclose personal data over RDAP to requestors either directly or through an intermediary request accreditation/authorization body. Assuming the following safeguards are in place, what risk, if any, would the CP face for the processing activity of disclosure in this context? If any risk exists, what improved or additional safeguards would eliminate[1] this risk. In this scenario, would the CP be a controller or a processor[2], and to what extent, if at all, is the CP’s liability impacted by this controller/processor distinction?
o represents that it has a lawful basis for requesting and processing the data, o provides its lawful basis, o represents that it is requesting only the data necessary for its purpose, o agrees to process the data in accordance with GDPR, and o agrees to standard contractual clauses for the data transfer.
Notes from Call:
Notes from Call:
In addition, if it is not possible to automate any of these steps, please provide any guidance for how to perform the balancing test under Article 6(1)(f).
Notes from Call:
Notes from Call:
[1] “Here it is important to highlight the special role that safeguards may play in reducing the undue impact on the data subjects, and thereby changing the balance of rights and interests to the extent that the data controller’s legitimate interests will not be overridden.“ (https://iapp.org/media/pdf/resource_center/wp217_legitimate-interests_04-2014.pdf) [2] https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/controller-processor/what-data-controller-or-data-processor_en b) Discussion on submission of questions – submit as complete batch or as available?
c) Agree on next steps 3. Wrap and confirm next meeting to be scheduled a) Confirm action items b) The next LC Meeting will take place on Tuesday, 27 August at 14:00 UTC. |