![]() The regulatory statement is valid until further notice, although it may be revoked or amended in the event of new case law or guidance from the EDPB. ![]() IMY’s regulatory statements provide guidance to the public and govern IMY’s operations. IMY’s regulatory statements clarify IMY’s standpoint on legal issues where no guidance is provided by case law or the European Data Protection Board (EDPB). What is the status of IMY’s regulatory statement? However, it will be considered such processing if the course of events is separated afterwards in order to document, follow-up or file a police report regarding the crime. If the purpose of the processing is wholly or partly to process data related to criminal offences, this indicates that the data is covered by the scope of Article 10 of the GDPR.Īccording to IMY, data relating to actual observations or the mere passive processing of a course of events where objective criteria in a penal provision may be met e.g., filming of possible law violations through camera surveillance, is normally not considered processing of data within the meaning of Article 10 of the GDPR. This is also the case if data are compiled in such a way that the data correspond to the objective criteria in a penal provision. According to IMY, the data must be concrete to a certain degree to qualify as personal data relating to criminal offences, which they are if they concern a certain crime or category of crime. However, not all data regarding suspected criminal offences are covered by Article 10 of the GDPR. ![]() According to the CJEU, the objective is to protect the data subject from processing that could risk leading to serious interference with his or her private or professional life, for example if the public access to such data would lead to social disapproval or stigmatisation of the data subject. IMY considers this interpretation to be in line with the findings issued by the Court of Justice of the European Union (CJEU) in the case Latvijas Republikas Saeima, in which the CJEU stated that the objective behind Article 10 should be taken into account. Personal data relating to criminal offences could include data regarding whether an individual is or has been suspected of committing a criminal offence, even though legal proceedings have not been initiated. The latter also includes verdicts of acquittal in criminal cases. Consequently, the protection afforded by Article 10 extends to information that discloses whether a person is or has been the subject of a police report, preliminary investigation, prosecution or proceedings in criminal cases. IMY concludes that information concerning legal proceedings which have been initiated against an individual constitutes personal data relating to criminal offences within the meaning of Article 10 of the GDPR. Examples of when organisations other than public authorities are allowed to process such data include if the processing is necessary to i) establish, exercise or defend legal claims, or ii) in order to fulfil an obligation under law or regulation (exceptions apply to these criteria). The scope for organisations other than public authorities to process personal data relating to criminal offences is limited. In Sweden, the general rule is that personal data relating to criminal (convictions or) offences referred to in Article 10 of the GDPR can only be processed by public authorities. rättsligt ställningstagande) regarding the meaning of the concept “personal data relating to criminal offences” in Article 10 of the GDPR. On the 8 th of December 2021, the Swedish Authority for Privacy Protection (IMY) issued a regulatory statement (Sw.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |