LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

EU data protection

EU data protection

Posted Oct 16, 2012 22:44 UTC (Tue) by tialaramex (subscriber, #21167)
In reply to: EU data protection by man_ls
Parent article: Fedora is retiring Smolt hardware census (The H)

All "personally identifiable" information stored in any sort of retrieval system by an EU company must obey the rules. A shoebox full of unsorted hand written letters is not a retrieval system, a list of railway stations is not personal, a novel is not information for this purpose.

Such information must be stored for a specific purpose, the subject must be told the purpose and consent to it. Using the information for another purpose is illegal. Giving the data to another entity, except if the subject was told this was part of the purpose, is illegal. Moving the data out of the EU is illegal, except if these rules can be enforced elsewhere.

The subject is entitled to see all information you have about them, and you must correct errors which are reported to you. You may charge a "reasonable" (most jurisdictions interpret this quite narrowly) access fee and demand some evidence of their identity.

You must destroy any information you no longer need. You should have explicit policies justifying any data retention and scoping it appropriately.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds