General Data Protection Regulation: Difference between revisions

mNo edit summary
Beanie Bo (talk | contribs)
m minor word change
 
(2 intermediate revisions by the same user not shown)
Line 51: Line 51:
When automated decisions are made under contractual necessity or explicit consent, the data controller must implement safeguards including human intervention options, allowing individuals to express their views and contest decisions. Automated decisions cannot be based on special categories of personal data (such as race, health data, or political opinions) unless specific conditions are met and appropriate safeguards are in place.
When automated decisions are made under contractual necessity or explicit consent, the data controller must implement safeguards including human intervention options, allowing individuals to express their views and contest decisions. Automated decisions cannot be based on special categories of personal data (such as race, health data, or political opinions) unless specific conditions are met and appropriate safeguards are in place.


=== Chapter 4: Controller and processor ===
===Chapter 4: Controller and processor===
Chapter 4 of the GDPR covers general obligations of controllers and processors of data, their security, impact assessments and responsibility.<ref>[https://gdpr-info.eu/chapter-4/ "Chapter 4: Controller and processor"] - gdpr-info.eu - 25 May 2018</ref>
Chapter 4 of the GDPR covers general obligations of controllers and processors of data, their security, impact assessments and responsibility.<ref>[https://gdpr-info.eu/chapter-4/ "Chapter 4: Controller and processor"] - gdpr-info.eu - 25 May 2018</ref>


==== Article 28: Processor ====
====Article 28: Processor====
''Main wiki: [https://gdprhub.eu/index.php?title=Article_28_GDPR Article 28 GDPR]''
''Main wiki: [https://gdprhub.eu/index.php?title=Article_28_GDPR Article 28 GDPR]''


Outsourcing data processing to service providers is no excuse not to comply with GDPR, it is still up to the controller to ensure that the GDPR is complied with.
Outsourcing data processing to service providers is no excuse not to comply with GDPR, it is still up to the controller to ensure that the GDPR is complied with.
==Consent-or-pay==
''Main article: [[Consent-or-pay]]''
In response to the GDPR's demand for transparency in data collection, some companies have began a new practice in which viewers may enter the company's website either by accepting all cookies or by paying a monthly fee to protect their privacy. Although the fee's purpose is to offset the lost revenue from cookie rejection, it has been considered coercive and predatory by some, including policymakers, and Meta has been investigated and fined in 2024 for this practice.
It is unclear how the European Commission will continue to handle the consent-or-pay practice in the future.


==See also==
==See also==


*[[Consent-or-pay]]
*https://gdprhub.eu, a wiki summarizing GDPR-related decisions by authorities and courts across Europe
*https://gdprhub.eu, a wiki summarizing GDPR-related decisions by authorities and courts across Europe
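Review bot: The Consent-or-pay paragraph states its strongest claims without a source: "considered coercive and predatory by some, including policymakers" and "Meta has been investigated and fined in 2024 for this practice" carry no <ref>, while the Chapter 4 paragraph earlier in the same hunk cites gdpr-info.eu. Add a reference for each, naming who holds that view and which authority investigated and fined, or remove the claim. In the same paragraph "have began" should be "have begun". The "==Consent-or-pay==" heading also follows the Article 28 text with no blank line before it, unlike the other headings in this hunk.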