undefined | Better HN

0 pointsbobcostas558y ago0 comments

It's curious how these "basic, fundamental" rights only apply to select industries, while others are free to completely ignore them (art. 85). What kind of basic, fundamental right is that?

0 comments

4 comments · 3 top-level

brisance8y ago· 1 in thread

Even the beloved First Amendment does not protect all forms of speech. Your point…?

brisance8y ago

Please explain why the parent comment attracted downvotes. In the US Constitution, the first amendment protects Americans' right to free speech. However, not all forms of speech are protected. The same legal principle applies to the GDPR; not all industries need to follow the GDPR, as laid out in the Article 85.

shabble8y ago

Are we reading the same Article 85 here?

Member States shall by law reconcile the right to the protection of personal data pursuant to this Regulation with the right to freedom of expression and information, including processing for journalistic purposes and the purposes of academic, artistic or literary expression.[1]

Not sure how that's 'complete freedom to ignore' exactly, nor is that an exhaustive list, just some examples of where they may need to be balanced against other freedoms.

[1] https://gdpr-info.eu/art-85-gdpr/

gerdesj8y ago

http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX...

(see below for my response wrt SS85) I prefer to dwell on things like this:

The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.

Below:

A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights, discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural person concerned. Therefore, as soon as the controller becomes aware that a personal data breach has occurred, the controller should notify the personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the controller is able to demonstrate, in accordance with the accountability principle, that the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where such notification cannot be achieved within 72 hours, the reasons for the delay should accompany the notification and information may be provided in phases without undue further delay.

j / k navigate · click thread line to collapse