Right to restriction of processing
(67) Methods by which to restrict the processing of personal data could include, inter alia, temporarily moving the selected data to another processing system, making the selected personal data unavailable to users, or temporarily removing published data from a website. In automated filing systems, the restriction of processing should in principle be ensured by technical means in such a manner that the personal data are not subject to further processing operations and cannot be changed. The fact that the processing of personal data is restricted should be clearly indicated in the system.
(156)The processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes should be subject to appropriate safeguards for the rights and freedoms of the data subject pursuant to this Regulation. Those safeguards should ensure that technical and organisational measures are in place in order to ensure, in particular, the principle of data minimisation. The further processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes is to be carried out when the controller has assessed the feasibility to fulfil those purposes by processing data which do not permit or no longer permit the identification of data subjects, provided that appropriate safeguards exist (such as, for instance, pseudonymisation of the data). Member States should provide for appropriate safeguards for the processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. Member States should be authorised to provide, under specific conditions and subject to appropriate safeguards for data subjects, specifications and derogations with regard to the information requirements and rights to rectification, to erasure, to be forgotten, to restriction of processing, to data portability, and to object when processing personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. The conditions and safeguards in question may entail specific procedures for data subjects to exercise those rights if this is appropriate in the light of the purposes sought by the specific processing along with technical and organisational measures aimed at minimising the processing of personal data in pursuance of the proportionality and necessity principles. The processing of personal data for scientific purposes should also comply with other relevant legislation such as on clinical trials.
There is no recital in the Directive related to article 18.
The right to restriction of processing appeared with the second proposal for a Regulation of 11 June 2015. The Regulation allow the data subject to claim restriction of data processing in four cases listed exhaustively. The restriction of processing has to be understood as the marking of stored personal data with the aim of limiting their processing in the future (Art. 4 (3)).
- the data subject may obtain restriction to processing if contesting the accuracy of the personal data, for a period enabling the controller to verify such accuracy;
- the data subject may require restriction if the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; This hypothesis has been added by the final compromise on the future Regulation.
- the data subject may also require restriction of processing where although no longer needed for the purposes of the processing, the data are required by the data subject for the establishment, exercise or defence of legal claims;
- the controller must comply with the request for restriction of processing within the time needed for review of the data subject’s grounds based on his or her particular situation (see Art. 21), i.e., the time needed for proceeding with the check of the balance of interests between the legitimate interests of the controller and those of the data subject.
According to recital 67, restriction of processing can be done in various ways: by temporarily moving the selected data to another processing system, making the selected personal data unavailable to users, temporarily removing published data from a website, etc.
In case of restriction of processing, the relevant data can not be subject to processing, except for preservation, unless data subject's consent is given. Nevertheless, the data subject to a restriction can still be processed for the recognition, exercise or defence of legal rights, or for the protection of the rights of another natural person or legal entity, or for important reasons in public interest in the Member State or the Union.
Finally, the last paragraph of Article 18 obliges the controller to inform the data subject before the restriction of processing is cancelled.
Article 12 b) of the Directive already required the Member States to ensure to the data subject the right to obtain blocking of data, the processing of which does not comply with the Directive, in particular because of incomplete or inaccurate nature of the data.
The notion of “blocking of data” has not, however, been subject to any definition in the Directive.
The obligations of the controllers resulting from the right to restriction of processing for the data subjects must be integrated into the existing processes. This is actually a specific right to object - because being temporary and based on the circumstances but requiring a separate treatment.
In the case of inaccuracy or objection, the controller must suspend before any verification of the basis of the data subject’s claims. Again, the controller will operate at the forefront to proceed with the staked balance of interests. This is however not the case for the other two hypotheses (unlawful processing and absence of interest of the processing). A refusal of suspension can then be opposed following the contestation of the validity of the request, but at the risk of the controller.
Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (6 February 2018)
(Endorsed by the EDPB)
The General Data Protection Regulation (the GDPR), specifically addresses profiling and automated individual decision-making, including profiling.
Profiling and automated decision-making are used in an increasing number of sectors, both private and public. Banking and finance, healthcare, taxation, insurance, marketing and advertising are just a few examples of the fields where profiling is being carried out more regularly to aid decision-making.
Advances in technology and the capabilities of big data analytics, artificial intelligence and machine learning have made it easier to create profiles and make automated decisions with the potential to significantly impact individuals’ rights and freedoms.
The widespread availability of personal data on the internet and from Internet of Things (IoT) devices, and the ability to find correlations and create links, can allow aspects of an individual’s personality or behaviour, interests and habits to be determined, analysed and predicted.
Profiling and automated decision-making can be useful for individuals and organisations, delivering benefits such as:
- increased efficiencies; and
- resource savings.
They have many commercial applications, for example, they can be used to better segment markets and tailor services and products to align with individual needs. Medicine, education, healthcare and transportation can also all benefit from these processes.
However, profiling and automated decision-making can pose significant risks for individuals’ rights and freedoms which require appropriate safeguards.
These processes can be opaque. Individuals might not know that they are being profiled or understand what is involved.
Profiling can perpetuate existing stereotypes and social segregation. It can also lock a person into a specific category and restrict them to their suggested preferences. This can undermine their freedom to choose, for example, certain products or services such as books, music or newsfeeds. In some cases, profiling can lead to inaccurate predictions. In other cases it can lead to denial of services and goods and unjustified discrimination.
The GDPR introduces new provisions to address the risks arising from profiling and automated decision-making, notably, but not limited to, privacy. The purpose of these guidelines is to clarify those provisions.
This document covers:
- Definitions of profiling and automated decision-making and the GDPR approach to these in general – Chapter II
- General provisions on profiling and automated decision-making – Chapter III
- Specific provisions on solely automated decision-making defined in Article 22 - Chapter IV
- Children and profiling – Chapter V
- Data protection impact assessments and data protection officers– Chapter VI
The Annexes provide best practice recommendations, building on the experience gained in EU Member States.
The Article 29 Data Protection Working Party (WP29) will monitor the implementation of these guidelines and may complement them with further details as appropriate.
C-131/12 (13 May 2014)
1. Article 2(b) and (d) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data are to be interpreted as meaning that, first, the activity of a search engine consisting in finding information published or placed on the internet by third parties, indexing it automatically, storing it temporarily and, finally, making it available to internet users according to a particular order of preference must be classified as ‘processing of personal data’ within the meaning of Article 2(b) when that information contains personal data and, second, the operator of the search engine must be regarded as the ‘controller’ in respect of that processing, within the meaning of Article 2(d).
2. Article 4(1)(a) of Directive 95/46 is to be interpreted as meaning that processing of personal data is carried out in the context of the activities of an establishment of the controller on the territory of a Member State, within the meaning of that provision, when the operator of a search engine sets up in a Member State a branch or subsidiary which is intended to promote and sell advertising space offered by that engine and which orientates its activity towards the inhabitants of that Member State.
3. Article 12(b) and subparagraph (a) of the first paragraph of Article 14 of Directive 95/46 are to be interpreted as meaning that, in order to comply with the rights laid down in those provisions and in so far as the conditions laid down by those provisions are in fact satisfied, the operator of a search engine is obliged to remove from the list of results displayed following a search made on the basis of a person’s name links to web pages, published by third parties and containing information relating to that person, also in a case where that name or information is not erased beforehand or simultaneously from those web pages, and even, as the case may be, when its publication in itself on those pages is lawful.
4. Article 12(b) and subparagraph (a) of the first paragraph of Article 14 of Directive 95/46 are to be interpreted as meaning that, when appraising the conditions for the application of those provisions, it should inter alia be examined whether the data subject has a right that the information in question relating to him personally should, at this point in time, no longer be linked to his name by a list of results displayed following a search made on the basis of his name, without it being necessary in order to find such a right that the inclusion of the information in question in that list causes prejudice to the data subject. As the data subject may, in the light of his fundamental rights under Articles 7 and 8 of the Charter, request that the information in question no longer be made available to the general public on account of its inclusion in such a list of results, those rights override, as a rule, not only the economic interest of the operator of the search engine but also the interest of the general public in having access to that information upon a search relating to the data subject’s name. However, that would not be the case if it appeared, for particular reasons, such as the role played by the data subject in public life, that the interference with his fundamental rights is justified by the preponderant interest of the general public in having, on account of its inclusion in the list of results, access to the information in question.
C-398/15 (9 March 2017)
Article 6(1)(e), Article 12(b) and subparagraph (a) of the first paragraph of Article 14 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, read in conjunction with Article 3 of the First Council Directive 68/151/EEC of 9 March 1968 on co-ordination of safeguards which, for the protection of the interests of members and others, are required by Member States of companies within the meaning of the second paragraph of Article 58 of the Treaty, with a view to making such safeguards equivalent throughout the Community, as amended by Directive 2003/58/EC of the European Parliament and of the Council of 15 July 2003, must be interpreted as meaning that, as EU law currently stands, it is for the Member States to determine whether the natural persons referred to in Article 2(1)(d) and (j) of that directive may apply to the authority responsible for keeping, respectively, the central register, commercial register or companies register to determine, on the basis of a case-by-case assessment, if it is exceptionally justified, on compelling legitimate grounds relating to their particular situation, to limit, on the expiry of a sufficiently long period after the dissolution of the company concerned, access to personal data relating to them, entered in that register, to third parties who can demonstrate a specific interest in consulting that data.
1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.
1st proposal close
4. Instead of erasure, the controller shall restrict processing of personal data where:
(a) their accuracy is contested by the data subject, for a period enabling the controller to verify the accuracy of the data;
(b) the controller no longer needs the personal data for the accomplishment of its task but they have to be maintained for purposes of proof;
(c) the processing is unlawful and the data subject opposes their erasure and requests the restriction of their use instead;
(d) the data subject requests to transmit the personal data into another automated processing system in accordance with Article 18(2).
5. Personal data referred to in paragraph 4 may, with the exception of storage, only be processed for purposes of proof, or with the data subject's consent, or for the protection of the rights of another natural or legal person or for an objective of public interest.
6. Where processing of personal data is restricted pursuant to paragraph 4, the controller shall inform the data subject before lifting the restriction on processing.
7. The controller shall implement mechanisms to ensure that the time limits established for the erasure of personal data and/or for a periodic review of the need for the storage of the data are observed.
8. Where the erasure is carried out, the controller shall not otherwise process such personal data.
9. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying:
(a) the criteria and requirements for the application of paragraph 1 for specific sectors and in specific data processing situations;
(b) the conditions for deleting links, copies or replications of personal data from publicly available communication services as referred to in paragraph 2;
(c) the criteria and conditions for restricting the processing of personal data referred to in paragraph 4.
2nd proposal close
1. The data subject shall have the right to obtain from the controller the restriction of the processing of personal data where:
(a) the accuracy of the data is contested by the data subject, for a period enabling the controller to verify the accuracy of the data;
(b) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
(c) he or she has objected to processing pursuant to Article 19(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
3. Where processing of personal data has been restricted under paragraph 1, such data may, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
4. A data subject who obtained the restriction of processing pursuant to paragraph 1 (...) shall be informed by the controller before the restriction of processing is lifted.
Member States shall guarantee every data subject the right to obtain from the controller:
(b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data;
Art. 36 WBP
1. Degene aan wie overeenkomstig artikel 35 kennis is gegeven van hem betreffende persoonsgegevens, kan de verantwoordelijke verzoeken deze te verbeteren, aan te vullen, te verwijderen, of af te schermen indien deze feitelijk onjuist zijn, voor het doel of de doeleinden van de verwerking onvolledig of niet ter zake dienend zijn dan wel anderszins in strijd met een wettelijk voorschrift worden verwerkt. Het verzoek bevat de aan te brengen wijzigingen.
2. De verantwoordelijke bericht de verzoeker binnen vier weken na ontvangst van het verzoek schriftelijk of dan wel in hoeverre hij daaraan voldoet. Een weigering is met redenen omkleed.
3. De verantwoordelijke draagt zorg dat een beslissing tot verbetering, aanvulling, verwijdering of afscherming zo spoedig mogelijk wordt uitgevoerd.
4. Indien de persoonsgegevens zijn vastgelegd op een gegevensdrager waarin geen wijzigingen kunnen worden aangebracht, dan treft hij de voorzieningen die nodig zijn om de gebruiker van de gegevens te informeren over de onmogelijkheid van verbetering, aanvulling, verwijdering of afscherming ondanks het feit dat er grond is voor aanpassing van de gegevens op grond van dit artikel.
5. Het bepaalde in het eerste tot en met vierde lid is niet van toepassing op bij de wet ingestelde openbare registers, indien in die wet een bijzondere procedure voor de verbetering, aanvulling, verwijdering of afscherming van gegevens is opgenomen.
1. A person who has been notified of personal data relating to him in accordance with Section 35 may request the controller to correct, supplement, remove or block those data if they are factually incorrect, incomplete or irrelevant in relation to the purpose(s) of the processing or are otherwise being processed in breach of legal rules. The request will contain the changes to be made.
2. The controller will notify the applicant within four weeks of receiving the request in writing whether or to what extent he is complying with the request. A refusal will be reasoned.
3. The controller will ensure that a decision to correct, supplement, remove or block data is implemented as soon as possible.
4. Where personal data have been recorded on a data carrier to which changes cannot be made, he will take the measures necessary to inform the user of the data of the impossibility of correcting, supplementing, removing or blocking data despite the fact that there are grounds to amend the data on the basis of this section.
5. The provisions of subsections 1 and 4 do not apply to public registers which have been established by law, where such law provides for a special procedure to correct, supplement, remove or block data.