Select your nation of interest

Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
Protection of the data subject and particular entered data.

Protection of the data subject and particular entered data.

One of the main risks from the 1.0 version of the EDPB n. 8/2020 guidelines on the targeting of social media users, is represented from the incorrect use of entered data. Given that entered data are the result of the mix between data offered by the social media user and the data that this one acquires from third parties, always with the maximum reference to the data subject.

This mix leads to the creation of data that the data subject did not give, neither to the social network, nor to third parties. This new data, that result attributable to personal data categories, fall outside the will of the data subject of given them, because they are created from the combination put in place by the social media.

It can not be excluded that from “common” personal data is it possible, between the mix of this data and those offered by third parties, to reach the generation and the process of data.

Provided that we ask to ourselves, if the social network can use particular entered personal data for the targeting and doing that without adquire a new consent of the data subject, that is without have a new ad-hoc Directory?

This question is very important if we consider the access right principles of the data subject, ex article 15 of the GDPR, and the transparent principle by the article 12 of the GDPR, and as it is mentioned from the article 5, paragraph 1, letter a of the GDPR, as well as the article 9 of the GDPR.

From an analysis of the EDPB guidelines in question the answer should be negative. Indeed, the data subject, not having wanted to disclose such particular personal data to the social network, cannot be overridden in his or her right to choose which personal data to disclose or which data not to collect. All the more so if it is particular personal data.

Therefore, it is hoped that a more detailed intervention will be carried out with the issue, perhaps, of specific guidelines aimed at resolving the long-standing issue of the personal data provided, with the hope of direct intervention by both the Italian and European DPA. The regulatory and policy uncertainty regarding the personal data concerned imposes, as it will impose, a more specific regulation to safeguard the rights of the data subject. SOURCE: FEDERPRIVACY

Team Privacy & Data Protection
30 October 2020

Recommended to you

Apple: 0-day detected in WebKit rendering engine (AL02/250312/CSIRT-ITA)

12 March, 2025

Adobe: Security Updates (AL03/250312/CSIRT-ITA

12 March, 2025

Joomla! Updates (AL04/250312/CSIRT-ITA)

12 March, 2025

HONG KONG SUPERVISORY AUTHORITY: Publishes Investigation Findingson the Data Breach Incident of the Companies...

12 March, 2025

Zoom Vulnerability (AL05/250312/CSIRT-ITA)

12 March, 2025

Laravel: Public PoC for CVE-2024-13919 Exploitation (AL06/250312/CSIRT-ITA)

12 March, 2025

Resolved vulnerabilities in Cisco products (AL07/250312/CSIRT-ITA)

12 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

12 March, 2025

Ivanti March Security Update (AL05/250311/CSIRT-ITA)

11 March, 2025

Fixed vulnerabilities in Google Chrome (AL06/250311/CSIRT-ITA)

11 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

11 March, 2025

Vulnerabilities discovered in Fortinet products (AL07/250311/CSIRT-ITA)

11 March, 2025

LATVIAN SUPERVISORY AUTHORITY: Can my personal data be transferred to extrajudicial debt collection or...

11 March, 2025

CROATIAN SUPERVISORY AUTHORITY: A new coordinated action by the EDPB has begun: the right...

11 March, 2025

CISCO Product Updates (AL01/230112/CSIRT-ITA)

10 March, 2025

HONG KONG SUPERVISORY AUTHORITY: A Female Arrested for Suspected Doxxing Arising from Online Shopping Dispute

10 March, 2025

Vulnerability in QNAP Products (AL01/250310/CSIRT-ITA)

10 March, 2025

ICELANDIC SUPERVISORY AUTHORITY: Information obligation for automated decision-making

7 March, 2025

IRISH SUPERVISORY AUTHORITY: The DPC’s handling of Subject Access Requests

7 March, 2025

Vulnerabilities in ServiceNow Products (AL01/250307/CSIRT-ITA)

7 March, 2025

Advanced Research