Le “categorie particolari di dati” ex art. 9 GDPR. Divieti, eccezioni e limiti alle attività di trattamento

• Busacca, Angela ^[1]
  1. [1] Aut 4468646
• Localización: Ordine Internazionale e Diritti Umani, ISSN-e 2284-3531, Nº. 1, 2018, págs. 36-54
• Idioma: italiano
• Títulos paralelos:
  • The “special categories of personal data” under art. 9 of the gdpr
• Enlaces
  • Texto completo (pdf)
• Resumen

  • The set of regulations coded in Italian Legislative Decree no. 196/2003 (the socalled Privacy Code) will have to come into line with the rest of the EU within a year, so as to obtain a uniform set of rules on the protection of individuals regarding the processing of personal data, rendering the static approach of Directive 95/46/EC of the European Parliament more dynamic. These changes are necessary to keep up to date with Web 2.0, characterized by new communication channels and information flows, as well as powerful search engines, thus creating the necessity of a multi-levelled protection, able to combine and guarantee protection not only of traditional individual rights, but also, and above all, of the so-called “indigenous” rights, ontologically linked with the Internet ecosystem.

    In particular, with regard to information and personal data, the distinction between “right to privacy” and “right to protection of personal data” is no longer exhaustive, also having to consider “on line data protection” and the right to be forgotten, protection against spoofing, profiling and phishing, protection of individuals’ digital identity, as well as various degrees of protection in the diffusion of data connected with e-commerce.

    In its general outline, this new approach is based on a more dynamic observation of data flows, on the principle of accountability (this term does not have an exact translation in Italian coded laws), as well as on the evaluation of risks which may arise in processing data, thus creating the premises for a precautionary approach.

    Specifically, the principle of accountability and a risk-oriented approach would appear to be necessary to process certain “particular categories of data” foreseen in article 9 of the Regulations, where a series of delicate matters are raised, with regard to an individual’s most intimate sphere.