[gnso-rds-pdp-wg] Legal basis vs. lawful
Volker Greimann
vgreimann at key-systems.net
Fri Feb 9 16:26:35 UTC 2018
I do not see how. Kathy's analysis seems sound. The flexibility within
the GDPR still only allows processing in very specific cicumstances, all
of which are listed in the GDPR.
Am 09.02.2018 um 16:45 schrieb Victoria Sheckler:
>
> Kathy’s analysis breaks down on a practical level when one looks at
> the GDPR and what it says about when data can be processed. The GDPR
> allows for flexibility for what can be processed and when, and kathy’s
> analysis overlooks that point.
>
> *From:*gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org] *On
> Behalf Of *Kathy Kleiman
> *Sent:* Thursday, February 8, 2018 7:07 PM
> *To:* gnso-rds-pdp-wg at icann.org
> *Subject:* Re: [gnso-rds-pdp-wg] Legal basis vs. lawful
>
> Tx for the invitation to join, Chuck, and following up on the
> discussion of Sam and Tapani, let me add that criteria for processing
> must be clearer than something broadly within ICANN's mission
> statement and something permissible somewhere. The requirements under
> law are express and concrete.
>
> Specifically, GDPR Article 5(1)(b and c) states:
>
> *Personal data shall be:
> 2. "collected for _specified, explicit and legitimate purposes _and
> not further processed in a manner that is incompatible with those
> purposes"* (the "purpose limitation") AND *
> 3. "adequate, relevant and limited to what is necessary in relation
> to the purposes for which they are processed"* (the "data
> minimisation" requirement). [underline added]*
> *
> Thus, our first criteria of "consistent with ICANN's mission," is only
> the first step and we need to go further than even the 3 criteria we
> are discussing..
>
> Second, lawful and legal enter us into a debate over words and I have
> to agree with Sam and Tapani's analysis and let me add some of my own.
>
> "Legal" is the term we use for actions expressly allowed under law.
> How we process personal data under the GDRP falls into this category
> -- of processing expressly allowed under law. Whereas the term lawful
> is used for a much broader category of actions which are generally
> permissible and allowable.
>
> The term "legal" is much more consistent with our criteria statement
> because the processing of personal data by ICANN must clearly have a
> /valid legal basis/ as expressly defined by data protection laws.
>
> Best regards,
> Kathy
>
> On 2/7/2018 10:53 AM, Sam Lanfranco wrote:
>
> Thanks Tapani,
>
> I will extract from your longer message.
> I deliberately kept my brief and less technical.
> I think we are in agreement here and I support your position.
>
> On 2/7/2018 1:07 AM, Tapani Tarvainen wrote:
>
> The key distinction, as I understand it, is that "lawful" would be
> defined by the negative, everything that some law does not prohibit,
>
> where as "legal basis" is defined by the positive, only things whose
> justification can be explicitly derived from law.
>
> <......>
>
> So I would prefer "legal basis" specifically in this sense: that
> any processing
> would have to be explicitly based on one of the criteria, or
> bases, as listed
> in GDPR Article 6, or similar explicit justification in other data
> protection legislation.
>
>
>
>
>
> _______________________________________________
>
> gnso-rds-pdp-wg mailing list
>
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180209/875f526f/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list