Browsing by Author "Pyka, Aleksandra"

Now showing 1 - 3 of 3
  • Item
    Ocena skutków dla ochrony danych
    (Wydawnictwo Naukowe UAM, 2020) Pyka, Aleksandra
    This article deals with the issue of impact assessment for the protection of personal data. This is a new obligation for the controller. The article presents the essence of impact assessment (DPIA), exclusion from the obligation to carry it out, the prerequisite for mandatory DPIA, the role of the data protection officer and the powers of the supervisory authority. The analysis of legal provisions related to the impact assessment presented here does not refer to specific situations, due to the wide scope for interpreting specific phrases contained in the General Regulation. Nevertheless, the article discusses the issue of conducting data protection impact assessments as one of the most problematic obligations incumbent on the controller, who in practice raises many doubts. The DPIA has been imprecisely regulated by the EU legislator, thus leaving controllers plenty of leeway to interpret the terms used in the General Regulation. In addition, carrying out a DPIA in practice (as a new obligation on entities setting the purposes and means of data processing) can be problematic due to the lack of harmonized methods for conducting a data protection impact assessment. However, controllers cannot assign DPIA implementation to other entities involved in data processing, such as an entity processing personal data on behalf of another. Entities setting the purposes and methods of data processing should not only take into account the provisions of the General Regulation but also a list of data processing operations that are obligatorily subject to DPIA. Controllers fulfilling the obligation to carry out a data protection impact assessment will be obliged by the supervisory authority to demonstrate how to carry out a data protection impact assessment.
  • Item
    Przetwarzanie danych biometrycznych. Aspekty prawne
    (Wydawnictwo Naukowe UAM, 2018) Pyka, Aleksandra
    Biometric data processing and related data protection issues have gained importance as a result of a wide use of technologies using such data for the identification and verification of data subjects. Problems may arise due to the lack of awareness of the need to comply with the provisions on the protection of personal data. Such a problem could also have arisen in Poland. The Act on personal data protection, no longer in force, did not refer literally to any of the provisions on biometric data. This potentially could raise doubts, inter alia, with regard to the application of this Act, especially since only the General Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) introduced a definition of such data and classified them in special categories of personal data, the processing of which will require one of the conditions set out in Article 9(2) of the General Regulation. Such singularity of biometric data results from the source of their acquisition (physiological, physical and behavioural traits). This, however, should not be seen as an argument for the limiting of the processing of biometric data. It is nevertheless important that the processing of these personal data is in line with the principles set out in the General Regulation. The use of bi- ometrics is likely to become more widespread in the long term. This trend is already taking place, but there is a noticeable concern on the part of the data subjects about the collection of these data. The legal provisions repealed in the context of the data protection reform in 2018 have also been taken into account in the deliberations.
  • Item
    Przetwarzanie danych osobowych do celów badań naukowych. Aspekty prawne
    (Wydawnictwo Naukowe UAM, 2019) Pyka, Aleksandra
    This article refers to the issue of personal data processing conducted in connection with scientific research and in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). It is not uncommon for the purposes of scientific research to process personal data, which is connected with the obligation to respect the rights of the data of the subjects involved. Entities conducting scientific research that process personal data for this purpose are required to apply the general reg­ulation governing, among others, the obligations imposed on the controllers. The issue of personal data processing for scientific research purposes has also been regulated in national legislation in connection with the need to apply the General Data Protection Regulation. The article discusses the basics of the admissibility of data processing for the needs of scientific research; providing personal data regarding criminal convictions and offences extracted from public registers at the request of the entity conducting scientific research; exercising the rights of the data of the subjects concerned; as well as the implementation of appropriate technical and organizational measures to ensure the security of data processing. In addition, the article discusses the issue of anonymization of personal data carried out after achieving the purpose of personal data processing, as well as the processing of special categories of personal data. The topics discussed in the article were not discussed in detail, as this would require further elaboration in a publication with a much wider volume range.