Outlook Spotlight

Dr Yasam Ayavefe: Data Protection Act

Information and communication specialists now find the limits of their activities precisely according to the limits on the personal data of the persons concerned.The extent of protection could then be considered to have real impact, as the procedure proved from two sides.

Advertisement

Dr Yasam Ayavefe
info_icon

Eight years after the 1970 law, countries recognized the protection of privacy in the face of attacks associated with the new information society.

Following the strong press response of the Safari project, a commission was created in 1978 to minimize its negative impact, which became the National Commission on Information Processing and Freedoms (Cnil). The role of this new commission had important implications for governing public communication methods.

Information and communication specialists now find the limits of their activities precisely according to the limits on the personal data of the persons concerned.

 The extent of protection could then be considered to have real impact, as the procedure proved from two sides.

Advertisement

➢ The upstream law of 1978 known as the Data Protection Act follows a set of procedures to the data controller in case the collection of personal data is enforced. It obliges to comply with various obligations.

With the law dated 6 August 2004 and numbered 2004-801, a system based on notification should be established in accordance with the 1995 directive.

It means that any material change must be notified to Cnil after treatment has been declared or authorized.

This procedure enables Cnil to learn the nature of the processed data, the purpose pursued and, consequently, to check its legality.

Advertisement

It also allows data subjects to exercise their rights knowing who holds the information and, if necessary, to take responsibility for the person responsible for the processing.

The legitimacy of the processing is also determined by the consent that the person must give to the data controller for the collection of personal data about himself.

This obligation reflects two principles imposed by law: the fair and legal nature of data collection and processing.

Explicit consent is always required when it comes to sensitive data. However, once the processing has taken place, the consent of the person is not sufficient for the protection of his data, depending on the type of processing.

Therefore, the Data Protection Act has introduced various sub-rights for the benefit of the data subject.

➢ At the bottom, when applied to processing, the law creates the right to information and access to data in the name of transparency.

This right is divided into two elements: first, the person has the right to learn whether the data controller uses personal data about him or her.

Refusal to provide this information to the applicant in the face of a properly formulated request will fine the controller.

Next, the right to be informed is complemented by the right to access the processed data and, consequently, to transmit information that enables the data subject to verify how the data in question has been used. The requested information must be presented in a legible manner.

Advertisement

The data controller may charge the cost of data replication. It can decide whether to look at the data on-site or not.

Thanks to this right of access, any person can verify the relevant, sufficient and not excessive nature of the data collected and processed for the purpose pursued.

In addition, the law ensures that the person can understand the purpose protected by the processing. This refers to the obligation to communicate information allowing to know the rationale underlying the automated processing and to object.

Finally, the system, framed by Article 39 of the Data Protection Law and allowing the principle of transparency, reinforces the protection.

Advertisement

Giving the individual the right to rectification and even the right to object is given to the individual so that control can be exercised.

Editing the Rules

In this context, the curtain of light that traditionally and legally private life is in and the questions of law have come to the fore recently.

  The concerns of its professionals invite us to wonder about a new articulation of protection mechanisms.

The strictness of a 19th-century law falls short. The purpose of the law is, above all, to bring a balance to irregular structures.

A new global model must be designed so that privacy protection itself does not reach a stage where it becomes a market for ensuring the protection of consumer data.

Advertisement

We touched on the content of the concept of personal data and its connection with private life. Another issue is the inability of the concept of personal data to meet the purpose attributed to them. We can propose an analysis of the means of legal protection that imposes the consideration of a new data.

Fundamental Right

Can the protection of personal data be understood as a fundamental right?

It is true that the European Convention on Human Rights and Fundamental Freedoms, adopted by the Council of Europe in 1950, does not refer to this.

However, this concept is actually described as a fundamental right by the European Union's Charter of Fundamental Rights. It is contained in Article 8 and Article 4 of the Lisbon Treaty.

The text of the Constitution of the Fifth Republic does not specifically provide for the protection of privacy as much as the right to come and go or the inviolability of the home.

However, the Constitutional Council, thanks to a comprehensive interpretation of the concept of individual freedom, has determined an indirect concept of protection.

This notion of private life, from its birth, is related to the Law No. 70-643 of 17 July 1970 on the guarantee of the individual rights of citizens.

Find out more about Dr. Ayavefe and his work here:

\

Advertisement

Advertisement

Advertisement

Advertisement

Advertisement

Advertisement