[Gnso-rds-pdp-privacy] European Commission Website: Obligations of Data Controllers
Kathy Kleiman
kathy at kathykleiman.com
Thu Apr 21 19:41:10 UTC 2016
Hi All,
A few last summaries coming into the subgroup. Sorry for the delay!
Busy days...
Best,
Kathy (below and attached)
Document Name: *European Commission Website: Obligations of Data
Controllers*
Document Link:
http://ec.europa.eu/justice/data-protection/data-collection/obligations/index_en.htm
Summary:
This is a key question about whether ICANN is a data controller under
the laws of the European Data Protection Directive? Data Controllers
“determine 'the purposes and the means of the processing of personal
data'” and it is a term that applies to both public and private sectors.
See /Who can collect and process personal data?,
/http://ec.europa.eu/justice/data-protection/data-collection/index_en.htm (submitted
as a separate document)
The EU Data Protection Directive requires Data Controllers to abide by
certain principles when they process personal data.
According to the European Commission:
“Each *data controller* must respect the following rules as set out in
the Directive:
Personal Data must be processed legally and fairly;
It must be collected for explicit and legitimate purposes and used
accordingly;
It must be adequate, relevant and not excessive in relation to the
purposes for which it is collected and/or further processed;
It must be accurate, and updated where necessary;
Data controllers must ensure that data subjects can rectify, remove or
block incorrect data about themselves;
Data that identifies individuals (personal data) must not be kept any
longer than strictly necessary;
Data controllers must protect personal data against accidental or
unlawful destruction, loss, alteration and disclosure, particularly when
processing involves data transmission over networks. They shall
implement the appropriate security measures;
These protection measures must ensure a level of protection appropriate
to the data.”
Additional information:
It is hard to put it more succinctly, so I quoted directly from the
European Commission webpage.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160421/e475e9be/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Obligations of data controllers summary (00917177xB3D1E).DOCX
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 17316 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-privacy/attachments/20160421/e475e9be/Obligationsofdatacontrollerssummary00917177xB3D1E-0001.DOCX>
More information about the Gnso-rds-pdp-privacy
mailing list