Skoči na glavni sadržaj

InterEULawEast : Journal for the international and european law, economics and market integrations, Vol. 9 No. 2, 2022.

Izvorni znanstveni članak

https://doi.org/10.22598/iele.2022.9.2.2

GRANULARITY AND SPECIFICITY OF CONSENT AND IMPLICATIONS THEREOF FOR THE DATA CONTROLLER IN THE LIGHT OF THE PRINCIPLE OF ‘PURPOSE LIMITATION‘

Juanita Goicovici orcid id orcid.org/0000-0002-0050-4511 ; Faculty of Law University Babes-Bolyai of Cluj-Napoca, Cluj-Napoca, Romania;

Puni tekst: engleski pdf 322 Kb

str. 43-69

preuzimanja: 218

citiraj

Sažetak

The study discusses the problematics of the granularity and specificity of the data subject’s´consent, in the light of the principle of ‘purpose limitation’ when collecting and processing personal data while distinguishing between the imperatives deriving from the principle of purpose limitations (i) form those arising from the incidence of the principle of storage limitations (ii). These issues remain highly important in litigious hypotheses of processing personal data of customers collected and stored unlawfully, including in terms of post-verification of the processing purposes. Secondly, the study focuses on the limits of the purpose limitation principle, set out in Article 5 para. (1), (b) of the GDPR, including bifurcated components: personal data must, on the one hand, be collected for determined, explicit, and legitimate purposes, and, on the other hand, not to be further processed in a manner which becomes incompatible with the initial collecting purposes. We argue that the mentioned principle aims to delimit as clearly as possible the use of personal data by ensuring a balance between respect for the fundamental rights of data subjects in terms of privacy and data protection and the recognition of certain flexibility in favor of the operator in the management of such data, as imposed by digitalization and its inherent risks. In its second component, which is of particular interest to us in the present study, the purpose limitation principle seeks to define the extent to which personal data collected for a particular purpose may be reused by companies, since any processing after collection must be considered as ‘further processing’ and must therefore meet, with certain exceptions, the purpose-compatibility requirements.

Ključne riječi

specificity of consent; the principle of accountability; granular consent; personal data; purpose limitation; GDPR.

Hrčak ID:

293334

URI

https://hrcak.srce.hr/293334

Datum izdavanja:

31.1.2023.

Posjeta: 479 *