Data Protection Online: Alternative Approaches to Sensitive Data?
Journal of International Commercial Law and Technology - Nbr. 2-1, January 2007
Rebecca Wong - Law Department University of Sheffield
Permanent Link:
http://vlex.com/vid/online-alternative-approaches-sensitive-41804169
Id. vLex: VLEX-41804169
The paper aims to review the criterion of "sensitive data" under Art. 8 of the Data Protection Directive 95/46/EC (DPD) in the online environment. Sensitive data is defined under Art. 8 as 'personal data revealing racial origin, political opinions or religious or philosophical beliefs, trade union membership, and the processing of data concerning health or sex life.' Following the Lindqvist case (C-101-01), it is questionable how the criterion applies in practice. More specifically, it can be contended that any images/photographs of the data subject uploaded on the internet falls within Art. 8 of the DPD because the image/picture reveals some of the characteristics that may be regarded as sensitive data. The paper also takes account of Professor Simitis's report entitled Revisiting sensitive data published in 1999, which examined whether "sensitivity" really was a valid criterion for determining the conditions of the processing in the context of the Council of Europe Convention on Personal Data. In this review, the paper calls for a change in how sensitive data is assessed. It considers the purpose-based and contextualised approach to sensitive personal data in the online environment.
Data Protection Online: Alternative Approaches to Sensitive Data?
A version of this paper was published in Complex 4/06 - Sylvia M. Kierkegaard (ed.): Legal, privacy and security issues in information technology
Key word: Sensitive data, data protection, online 1. Introduction The paper examines the concept of "sensitive data" as defined under the Data Protection Directive 95/46/EC (DPD) (hereinafter termed "DPD") and considers whether the categorisation of sensitive data should be amended in the light of technological developments. Under Art. 8(1) of the DPD, sensitive data is defined as 'personal data revealing racial origin, political opinions or religious or philosophical beliefs, trade union membership, and the processing of data concerning health or sex life.' However, when Art. 8(1) of the DPD is applied on the internet, it is questionable whether the criterion works in practice. More specifically, the case of Lindqvist (C-101/01)1 demonstrates the problem of publishing personal information containing sensitive data on the World Wide Web. In this case, L had uploaded a web page containing details about members of a Parish Church. The website also included information about a member who had injured her foot. When the case was referred to the European Court of Justice (ECJ) for a preliminary ruling, the issue was whether the publication of a member who had injured her foot constituted the processing of "sensitive data" because this was data concerning the health of an individual. Leaving aside the exemptions under Art. 8(2) of the DPD, my main concern is the broad application of Art. 8 DPD to anything published on the web page, which directly or in...
If you are already a vLex customer, Access Here
