Differences between versions of « RGPD »
De Mi caja de notas
Revision of 25 May 2018 at 08:00
This page started from iwc:GDPR
This article is a stub. You can help me improve and complete it. Thank you.
RGPD (GDPR) is the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. It sets much stricter guidelines on the use of personally identifiable information and is backed by law, including fines for non-compliance. Adopted on 27 April 2016, organisations were given a two-year grace period to bring their processes into compliance. Organisations that fail to comply after 25 May 2018 face penalties of up to 4% of annual global turnover or 20 million euros, whichever is higher.
Does it apply to my indieweb site?
Perspective 1
Purely personal sites are exempt under Article 2. If your website carries paid advertisements, or advertises your own services or products, it falls within the scope of the GDPR.
Perspective 2
Strict readings of the law point to a potential reach of the GDPR into personal, non-commercial websites under certain circumstances.
The conditions for exemption of Art. 2(2) lit. c GDPR are formulated very strictly: "by a natural person in the course of a purely personal or household activity". This is further specified by Recital 18(1) GDPR: "This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity."
Strictly read, "no connection" could potentially mean that the GDPR is applicable to a personal website as soon as it has any connection to a professional or commercial activity, hence not only applying to commercial aspects but e.g. to a web professional discussing web technology on their personal site.
Some GDPR concepts
Please note: The Indieweb Wiki is not a legal resource. Information presented herein may not be accurate, or apply to your specific circumstances.
Legal grounds for processing
GDPR always requires a legal basis for data processing, see Art. 6 GDPR:
- Consent
- Contract
- Legal obligation
- Vital interest
- Public task
- Legitimate interest
Each of these comes with strict rules as to its preconditions and resulting obligations.
Consent
Consent is one of six possible grounds to justify processing [1]. The Guidelines warn:
- if you rely on individuals’ consent to process their data, make sure it will meet the GDPR standard on being specific, granular, clear, prominent, opt-in, properly documented and easily withdrawn. If not, alter your consent mechanisms and seek fresh GDPR-compliant consent, or find an alternative to consent.
Data Portability
GDPR also requires data portability – that data can be moved from one service to another in a safe, standard, usable way.
Regarding which data is covered, the guidelines (PDF) say, for example:
As an example, the titles of books purchased by an individual from an online bookstore, or the songs listened to via a music streaming service are examples of personal data that are generally within the scope of data portability, because they are processed on the basis of the performance of a contract to which the data subject is a party.
This extends to “posts on social networking websites”, as noted on the official FAQ page. Your data will have to be provided to you “free of charge, in electronic format” [2] and you are allowed to give the data to another website [3]. This could make up for silos not offering native export options.
Data Erasure
Building on the 'Right to be Forgotten' decision in the European Courts, the Regulation for the first time codifies the right to have personal data erased by data controllers (Art. 17 GDPR). There are limits to this right, which must be balanced against freedom of expression, the public interest in health, scientific and historical research, and the exercise or defense of legal claims.
Extra Territoriality
Unlike the previous law (Data Protection Directive 95/46/EC), the GDPR applies to all companies processing the personal data of persons residing in the European Union, regardless of the company's location. This is a major shift from the previous law, which required the business to be established in a member State of the Union. Furthermore, the previous gap in the law, where data was 'processed' outside the EU, no longer applies: the data subject now has rights regardless of where the processing takes place.
See Also
- blockchain criticism: violates GDPR
- http://www.eugdpr.org/
- https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/introduction/
- 2017/Nuremberg/law
- FreeMyOAuth
- https://amp.theguardian.com/technology/2017/aug/07/uk-citizens-to-get-more-rights-over-personal-data-under-new-laws
- Is Your Website GDPR Compliant? With extra focus on WordPress and plugins that collect personal data.
- https://www.gdprwp.com/ – We aim to give plugin developers a simple solution to GDPR validate their plugin, and offer Website Administrators the overview and tools to handle the administrative tasks involved with being GDPR compliant.
- https://www.smashingmagazine.com/2017/07/privacy-by-design-framework/
- Advice from mailing list service MailChimp
- GDPR Article 9(2)(e) exempts processing that relates to personal data which are manifestly made public by the data subject; https://gdpr-info.eu/art-9-gdpr/
- https://blog.acolyer.org/2018/03/21/on-purpose-and-by-necessity-compliance-under-the-gdpr/
- https://twitter.com/blaine/status/992450739518795776
- "Personal Email as used today violates GDPR? Discuss." @blaine May 4, 2018
- Handreichungen für kleine Unternehmen und Vereine (German: guidance for small businesses and associations)
- https://www.earth.li/pipermail/gdpr-discuss/
- https://velocitypartners.com/blog/gdpr-really-means/
- Charlie Stross's GDPR statement for his indie site: https://www.antipope.org/charlie/blog-static/2018/05/gdpr-compliance-notice.html
- https://www.theguardian.com/technology/2018/may/21/gdpr-emails-mostly-unnecessary-and-in-some-cases-illegal-say-experts