MVCR: Purpose Specification Design
I have reviewed the opinion on Purpose Specification
(http://idpc.gov.mt/dbfile.aspx/Opinion3_2013.pdf) and pulled out some notable excerpts; you can find these on the wiki here.
(Note: An additional extension may be the data retention period required for this purpose. But in discussion on the list John indicated that data retention may be better specified by attribute than by purpose. Either way, we agreed that data retention should not be mandatory in the MVCR but optional. So the data retention issue has been added to the issues in GitHub and tabled for the moment.)
Review of
“When applying data protection law, it must first be ensured that the purpose is specific, explicit and legitimate. This is a prerequisite for other data quality requirements, including adequacy, relevance and proportionality (Article 6(1)(c)), accuracy and completeness (Article 6(1)(d)) and requirements regarding the duration of retention (Article 6(1)(e)). In cases where different purposes exist from the beginning and different kinds of data are collected and processed simultaneously for these different purposes, the data quality requirements must be complied with separately for each purpose. If personal data are further processed for a different purpose the new purpose/s must be specified (Article 6(1)(b)), and it must be ensured that all data quality requirements (Articles 6(1)(a) to (e)) are also satisfied for the new purposes.
First, any purpose must be specified, that is, sufficiently defined to enable the implementation of any necessary data protection safeguards, and to delimit the scope of the processing operation.
Second, to be explicit, the purpose must be sufficiently unambiguous and clearly expressed. (Comparing the notion of ‘explicit purpose’ with the notion of ‘hidden purpose’ may help to understand the scope of this requirement.)
Third, purposes must also be legitimate.
- This notion goes beyond the requirement to have a legal ground for the processing under Article 7 of the Directive and also extends to other areas of law.
- Compatible Use – compatible use is described as the way in which personal data can be used for purposes other than that specified. (Note: This requires research into how to codify or automate compatible use. If anyone knows of any research on this, it would be very useful.)
Notable Excerpts:
Purpose specification lies at the core of the legal framework established for the protection of personal data. In order to determine whether data processing complies with the law, and to establish what data protection safeguards should be applied, it is a necessary precondition to identify the specific purpose(s) for which the collection of personal data is required. Purpose specification thus sets limits on the purposes for which controllers may use the personal data collected, and also helps establish the necessary data protection safeguards.
Purpose specification requires an internal assessment carried out by the data controller and is a necessary condition for accountability. It is a key first step that a controller should follow to ensure compliance with applicable data protection law. The controller must identify what the purposes are, and must also document, and be able to demonstrate, that it has carried out this internal assessment.”
“User control
User control is only possible when the purpose of data processing is sufficiently clear and predictable. If data subjects fully understand the purposes of the processing, they can exercise their rights in the most effective way. For instance, they can object to the processing or request the correction or deletion of their data. As will be developed below, this does not mean that the presented purpose should always be trusted as the actual and effective one, as there may be a discrepancy between what is claimed and what is pursued in practice by the data controller. Ultimately, compliance with other data protection requirements, such as the necessity and relevance of data, will always need to be measured against the actual purpose.”
****
Compatible Use:
- Purpose limitation – requires that in each situation where further use is considered, a distinction be made between additional uses that are 'compatible', and other uses, which should remain 'incompatible'. The principle of purpose limitation is designed to offer a balanced approach: an approach that aims to reconcile the need for predictability and legal certainty regarding the purposes of the processing on one hand, and the pragmatic need for some flexibility on the other. As to the notion of incompatible use, the study notes that the test to determine incompatibility varies from 'reasonable expectations' of the data subject (in certain cases in Belgium) to application of balancing tests (Germany and the Netherlands), or it is intimately linked to other safeguarding principles of transparency, lawfulness and fairness (UK and Greece).