REGULATION (EU) No XXX/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data

From Wiki IoT
Jump to: navigation, search

European Parliament and Council, REGULATION XXX/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, XXX/2016, 17.12.2015

Type EU Regulation
Legal context EU
Abstract
Link http://static.ow.ly/docs/Regulation_consolidated_text_EN_47uW.pdf
Topics Data Protection, Data Usability, Technology, Interoperability

Notes

Recital 55 To further strengthen the control over their own data, where the processing of personal data is carried out by automated means, the data subject should also be allowed to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, machine - readable and interoperable format and transmit it to another controller. Data controllers should be encouraged to develop interoperable formats that enable data portability. This right should apply wh ere the data subject provided the personal data based on his or her consent or the processing is necessary for the performance of a contract. It should not apply where processing is based on another legal ground other than consent or con tract. By its very nature this right should not be exercised against controllers processing data in the exercise of their public duties. It should therefore in particular not apply where processing of the personal data is necessary f or compliance with a legal obligation to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of an official authority vested in the controller. The data subject’s right to transmit or receive personal data concerning him or her does not create an obligation for the controllers to adopt or maintain data processing systems which are technically compatible. Where, in a certain set of personal data, more than one data subject is concerned, the right to receive the data should be without prejudice to the rights of other data subjects in accordance with this Regulation. This right should also not prejudice the right of the data subject to obtain the erasure of personal data and the limitations of that right as set out in this Regulation and should in particular not imply the erasure of personal data concerning the data subject which have been provided by him or her f or the performance of a contract, to the extent and as long as the data are necessary for the performance of that contract. Where technically feasible, the data subject should have the right to obtain that the data is transmitted directly from controller to controller.

Art. 18 Right to data portability 1. (...) 2. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured and commonly used and machine - readable format and have the right to transmit those data to another controller without hindrance from the controller to which the data have been provided, where: (a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9 (2) or on a contract pursuant to point (b) of Article 6 (1); and (b) the processing is carried out by automated means. 2a. (new) In exercising his or her right to data portability pursuant to paragraph 1, the data subject has the right to obtain that the data is transmitted directly from controller to controller where technically feasible. 2a. The exercise of this right shall be with out prejudice to Article 17. The right referred to in paragraph 2 shall not apply to processing necessary for the performance o f a task carried out in the public interest or in the exercise of official authority vested in the controller. 2aa. The right referred to in paragraph 2 shall not adversely affect the rights and freedoms of others. 3. (...)