Chapter 9 – Provisions Relating to Specific Processing Situations
Oh here we go into chapter 9. Outliers! Can’t wait to see what’s in store. Every rule has exceptions and it looks like this one has six.
Articles 85 through 91 go through specific cases where things go a bit different. It’s kind of like the Physics Holy Grail of the Theory of Everything. Some people have tried, a few have gotten closer than others, but you’ll never get to a perfect state with one regulation to rule them all.
Article 85 – Processing and Freedom of Expression and Information
3 paragraphs. This one is easy. The shadowy folk who wrote this legislation figured dealing with each member state’s freedom of expression and freedom of information laws and dovetailing them into this regulation was too hard. So they are telling the member states to reconcile the rules on their own and send them a copy when their done.
So without the UKs follow on legislation of how we are going to implement GDPR here we’ve got the largest loop hole in the world. I’m sure there is legalese that stops me saying that my auto-dialled spam marketing calls are a post-modernist expression of consumer culture and by extension a representation of the unoriginality in modern communication, but I’m going to say that anyway. And I’ll make sure the newspapers get it right each time they write it out.
Article 86 – Processing and Public Access to Official Documents
1 paragraph. Public documents are public ya’ll. So that worried look planners get when you ask to see all of those planning applications that have so much personal info written all over them is brought on by them not knowing that this little titbit exists in GDPR.
Article 87 – Processing of the National Identification Number
1 paragraph. This is not going to be popular here in the UK. National Identification is as about as popular as pre-fabricated housing or Gary Glitter. I’ve come from far away over the salty sea and didn’t grow up with the prejudices that make me thing of 1930s Germany every time someone mentions and ID card. However, I have been here long enough to see several multi-billion pound attempts go belly up.
Article 88 – Processing in the Context of Employment
3 paragraphs. Much like Article 85 the shadow people don’t want to have to deal with the myriad of Member State employment law. They want the Member States to do it and get back to them with their own modifications. However there is a little quip in paragraph two that lays out that these additional rules need to ‘safeguard the data subject’s human dignity.’ Now there might be a legal definition of what human dignity is, but I’d like to think this was a dig at the UK’s Zero Hour Contracts. Think we’ll have to scrap them?
Article 89 – Safeguards and Derogations Relating to Processing for Archival Purposes in the Public Interest, Scientific or Historical Research Purposes or Statistical Purposes
4 paragraphs. OMG the word derogations are being used again. I’m using that word at home now. I told my wife that I have derogated my need to wash dishes after tea. She then went and derogated marital congress so while it was a fun argument I ultimately lost. I generally do when it comes to my wife.
In effect this is just spending time saying that when the government has your data and keeps it for archival purposes in the public interest, or keeps it for scientific, historical or statistical purposes and they can’t process the data with safeguards such as pseudonomynisation then the Member State can relax the laws for these specific purposes.
Article 90 – Obligations of Secrecy
2 paragraphs. Unless I’m missing the mark with regards to the definition of ‘Obligations of Secrecy’ this seems like a handy little nod to all the intelligence agencies out there. I’m now relying on the bro code that speaks to one bro’s duty to, on the death of their bro, erase the deceased bro’s search history. GCHG has got to employ a few bros…don’t they? Fist bump to the spy dudes!
Article 91 – Existing Data Protection Rules of Churches and Religious Associations
2 paragraphs. I think I might have spotted a typo. The title of this article leads one to believe we are dealing with religious organisations. However they list out the possible organisations as: “churches and religious associations or communities” now the desired implication I believe is religious communities, but the word ‘or’ separates churches and religious associations from communities leaving communities to mean in a literal sense any community.
Beyond that these organisations can submit their own rules of how they will comply with this regulation. I wonder, can our community here at Wittin can submit a few rules? I get the feeling, that if I had money I’d just waste it all on test cases for typos in random laws.
Thought of the Week
So Chapter 9 hasn’t been a very big blog post this week. So maybe we’ll throw in a bonus thought of the week. I recently read an article about a researcher who took a large collection of personal profile data scraped from the web and then built a neural net AI to work through that as training data in preparation for building its own personal profiles. At the end of his research he destroyed the data he had used as training data. He then posed the question: would releasing the AI model for building personal profiles breach data privacy of the individuals in the training data? Or has he found the beginning of the path for us to start properly going after synthetic data solutions? Something to chew on.
Next week we get to look very quickly at some procedures of European law that are so boring I’m going to have to go take a nap before I post this. It’s going to be a short one. So I’ll spend some time thinking up a new weekly thought. Till next time homies.