Legitimate Interests of Data Controllers from Perspective of Information Society Service Providers
Tran, Phu (2017-04-24)
This article/publication has not been stored in UTUPub. However, the publication's details may contain a link to an article/publication stored elsewhere.
University of Turku
Description
Transferred from Doria
Abstract
The study examines the legitimate interests of data controllers as a lawful ground for the processing of personal data under Data Protection Directive 95/46/EC and the forthcoming General Data Protection Regulation 2016/679, from the perspective of information society service providers (ISSPs). Specifically, the study examines the application of the ‘legitimate interests’ ground to the personal data processing operations of ISSPs, that is, how the ‘legitimate interests’ provision could be understood and used by service providers for the processing of personal data. Finally, the study offers some suggestions to improve the applicability of this ground in the future.
The study briefly goes through the EU’s data protection law with a focus on the legal grounds for personal data processing. After that, the study analyses in detail the relation between the law and the operations of ISSPs in terms of the legitimacy of the processing of personal data. The ‘legitimate interests’ of data controllers, as stipulated in Article 7(f) of the Directive and Article 6.1(f) of the Regulation, are scrutinized from the perspective of service providers as a possible lawful ground which can be used. Finally, the requirements for such application, followed by several suggestions, are presented and analyzed.
The study concludes that the processing of users’ personal data by ISSPs is subject to the enforcement power of the Directive and so of the forthcoming Regulation. So far, the ‘legitimate interests’ ground has not been widely used, for objective as well as subjective reasons. However, when the Regulation comes into force with many improved requirements for data processing activities as regards the ‘consent’ ground, service providers may find the ‘legitimate interests’ ground more appealing and feasible, given that there are quite sufficient instructions in the Regulation and that more will probably come from the EU and the CJEU. They can opt to use this ground to ensure the legitimacy of their processing and avoid breaching the EU’s data protection law. In order to do so, service providers have to comply strictly with the requirements set out by the law, especially as regards the obligation to carry out the ‘impact assessment’.