Companies abuse a loophole in data protection law | EDRI
►http://www.edri.org/edrigram/number10.24/data-protection-law-loophole
Personal data of internet users are often processed on a legal basis too weak to provide a real protection of the users’ right to privacy. On 11 December 2012, EDRi member Bits of Freedom published a report about the flaws of the so-called “legitimate interest” ground as a basis for data processing.
This ground is the last of six grounds included in article 7 of the Data Protection Directive (95/46/EC). Data controllers are free to choose on which of these six grounds they base the processing of personal data, provided the data does not fall under a specific consent-regime (such as sensitive data or location data). Processing based on legitimate interest allows data controllers to process personal data without the consent of their users, provided that the interests of the data controller or third parties are weighed against the interests and rights of these users.
In practice, this legal ground creates a loophole in the data protection regime. Bits of Freedoms report demonstrates that the use of the “legitimate interest” ground by companies such as #Facebook and #Google leads to the over-collection of personal data as such companies often let their own interests prevail over the interests of their users. The balance test is not subject to any authorization and the users are not in a position to effectively challenge the test. This means that in practice, a company is free to collect a lot of personal information without the users’ consent.
y a pas que le #fisc qu’Eric Schmidt peut être « fier » de contourner, il y a aussi les lois sur la #vie_privée #privacy #europe #cnil…