NemoClaw Knowledge Wiki

gdpr

2 min read

🗂️ Health & Wellbeing · View mindmap

GDPR

General Data Protection Regulation ((EU) 2016/679) is the primary legal framework in the european-union for data protection and privacy, governing the collection, processing, and storage of personal data. It replaced the 1995 Data Protection Directive to harmonize data privacy laws across Europe and strengthen individual control over their data.

Key Principles

  • Lawfulness, Fairness, and Transparency: Data must be processed lawfully and transparently.
  • Purpose Limitation: Data collected for specified, explicit, and legitimate purposes.
  • Data Minimization: Data must be adequate, relevant, and limited to what is necessary.
  • Accuracy: Personal data must be accurate and kept up to date.
  • Storage Limitation: Data retained no longer than necessary.
  • Integrity and Confidentiality: Protected against unauthorized or unlawful processing.
  • Accountability: Data controllers are responsible for compliance.

Core Rights of Data Subjects

  • Right to access, rectification, and erasure (“right to be forgotten”).
  • Right to restrict processing and data portability.
  • Right to object to processing, including profiling.
  • Rights related to automated decision-making.

Scope and Enforcement

Applies to all organizations processing the personal data of EU residents, regardless of location. Non-compliance can result in fines up to €20 million or 4% of global annual turnover, whichever is higher. Supervisory authorities enforce compliance, often requiring Data Protection Impact Assessments (DPIAs) for high-risk processing.

Recent Case Studies and Applications

  • Public Health Surveillance: The regulation was critically examined during the development of digital contact tracing tools.
    • See: Bradford - COVID-19 contact tracing apps
    • Aboy & Liddell (2020) highlight the tension between public health objectives and GDPR compliance in app design, noting that while HIPAA and CCPA offer different frameworks, GDPR’s strictness necessitated specific exemptions or derogations for emergency public interest tasks.
    • Key concern: Ensuring data minimization and storage limitation in apps that could otherwise become tools for pervasive digital surveillance.

Graph View

Backlinks