Nobody puts data in a corner? Why a new approach to categorising personal data is required for the obligation to inform
Nobody puts data in a corner? Why a new approach to categorising personal data is required for the obligation to inform
Transparency is a key principle of EU data protection law and the obligation to inform is key to ensuring transparency. The purpose of this obligation is to provide data subjects with information that allows them to assess the compliance and trustworthiness of the data controller. Despite the benefits of categorising personal data for this purpose, a coherent and consistent approach to doing so under the obligation to inform has not emerged. It is unclear what a ‘category’ of personal data is and when this information must be provided. This results in reduced transparency for data subjects and uncertainty for data controllers regarding their legal obligations, defeating the purpose of this obligation. This article highlights these issues and calls for clarification on them. It also posits that in clarifying the law, a new approach to categorising personal data is required, to achieve the benefits of categorisation and increase the transparency of personal data processing for data subjects.
142-158
Cradock, Emma
e87236fe-f425-4162-977d-5a3f9065ea71
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Millard, David
4f19bca5-80dc-4533-a101-89a5a0e3b372
April 2017
Cradock, Emma
e87236fe-f425-4162-977d-5a3f9065ea71
Stalla-Bourdillon, Sophie
c189651b-9ed3-49f6-bf37-25a47c487164
Millard, David
4f19bca5-80dc-4533-a101-89a5a0e3b372
Cradock, Emma, Stalla-Bourdillon, Sophie and Millard, David
(2017)
Nobody puts data in a corner? Why a new approach to categorising personal data is required for the obligation to inform.
Computer Law & Security Review, 33 (2), .
(doi:10.1016/j.clsr.2016.11.005).
Abstract
Transparency is a key principle of EU data protection law and the obligation to inform is key to ensuring transparency. The purpose of this obligation is to provide data subjects with information that allows them to assess the compliance and trustworthiness of the data controller. Despite the benefits of categorising personal data for this purpose, a coherent and consistent approach to doing so under the obligation to inform has not emerged. It is unclear what a ‘category’ of personal data is and when this information must be provided. This results in reduced transparency for data subjects and uncertainty for data controllers regarding their legal obligations, defeating the purpose of this obligation. This article highlights these issues and calls for clarification on them. It also posits that in clarifying the law, a new approach to categorising personal data is required, to achieve the benefits of categorisation and increase the transparency of personal data processing for data subjects.
Text
Cradock Final 08.11.16.pdf
- Accepted Manuscript
More information
Accepted/In Press date: 21 November 2016
e-pub ahead of print date: 17 January 2017
Published date: April 2017
Organisations:
Web & Internet Science, Southampton Law School
Identifiers
Local EPrints ID: 403125
URI: http://eprints.soton.ac.uk/id/eprint/403125
ISSN: 2212-4748
PURE UUID: 29bd8a89-916a-4ca7-9aa1-8c8e9ae8875a
Catalogue record
Date deposited: 24 Nov 2016 12:24
Last modified: 16 Mar 2024 03:00
Export record
Altmetrics
Contributors
Author:
Emma Cradock
Author:
David Millard
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics