[Gnso-rds-pdp-privacy] European Commission Website: Obligations of Data Controllers

Thu Apr 21 19:41:10 UTC 2016

Hi All,
A few last summaries coming into the subgroup.  Sorry for the delay!  
Busy days...
Best,
Kathy (below and attached)

Document Name: *European Commission Website: Obligations of Data 
Controllers*

Document Link: 
http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm

Summary:

This is a key question about whether ICANN is a data controller under 
the laws of the European Data Protection Directive? Data Controllers 
“determine 'the purposes and the means of the processing of personal 
data'” and it is a term that applies to both public and private sectors. 
See /Who can collect and process personal data?, 
/http://ec.europa.eu/justice/data-protection/data-collection/index_en.htm (submitted 
as a separate document)

The EU Data Protection Directive requires Data Controllers to abide by 
certain principles when they process personal data.

According to the European Commission:

“Each *data controller* must respect the following rules as set out in 
the Directive:

Personal Data must be processed legally and fairly;

It must be collected for explicit and legitimate purposes and used 
accordingly;

It must be adequate, relevant and not excessive in relation to the 
purposes for which it is collected and/or further processed;

It must be accurate, and updated where necessary;

Data controllers must ensure that data subjects can rectify, remove or 
block incorrect data about themselves;

Data that identifies individuals (personal data) must not be kept any 
longer than strictly necessary;

Data controllers must protect personal data against accidental or 
unlawful destruction, loss, alteration and disclosure, particularly when 
processing involves data transmission over networks. They shall 
implement the appropriate security measures;

These protection measures must ensure a level of protection appropriate 
to the data.”

Additional information:

It is hard to put it more succinctly, so I quoted directly from the 
European Commission webpage.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160421/e475e9be/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Obligations of data controllers summary (00917177xB3D1E).DOCX
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 17316 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160421/e475e9be/Obligationsofdatacontrollerssummary00917177xB3D1E-0001.DOCX>