The new The General regulations on data protection (GDPR in its initials in english, General Data Protection Regulation) represents a turning point on the rights of citizens with regard to the government of personal data and privacy of citizens.
GDPR entered into force in 2016 updating Data protection directive 1995, but the public administrations and companies have had a period of two years to adapt to the new legislation. On 25 may this year is over this period and GDPR will become fully applies not only in the member states, but also for any organization that capture, store or process personal data of european citizens, no matter where they are located.
According to GDPR, a personal data is any information that will serve to identify a natural person. This definition as open generates a number of doubts. With a professional email GDPR, an IP address or the information collected by cookies from a website is personal data. Not to mention all this data by wearables or sensors, linked to the Internet of things or Smart cities – provided they identify a person —.
Some personal data may include information of great value to the citizens and businesses, but its reutilizadoras open publication can threaten privacy. According to GDPR, european citizens must give their consent “ clear ” to use your personal data. Therefore, unable to publish for reuse any personal data without the consent of those affected. It Is important to emphasise that this situation was already reflected in the Data protection act española – concretamente en el artículo 6.1-, por lo cual no supone un gran cambio.
However, there are exceptions that allow the publication of personal data:
If there are legitimate grounds for publication. For example, in the case of a judicial ruling.
If data had been. The anonymized anonimización is a process of disassociation through which data are de-link of the person to which they belong, so that they be “ personal data ”. That is, to delete data that can identify an individual or replaced by generic variables, such as postal districts, age groups, levels of education, etc. As we have seen, GDPR only applies to personal data, and if something is staff is no longer subject to this regulation.
The anonimización is a good resource for maintaining the value of open, allowing for different treatments (such as analysis and statistics), but it also has its risks. We must not confuse anonimización with pseudoanonimización, where they hide the identity, but is left a trail that can identify the citizen. The anonimización must ensure that cannot be to reunite the information on a specific individual by inference from non-personal data in a set of open data.
En el contexto actual, la privacidad es una preocupación inevitable cuando hablamos de datos abiertos. Para garantizar el cumplimiento normativo es importante regular y monitorizar los flujos de datos, de modo que la privacidad y la libertad de información, y los intereses de los ciudadanos y los reutilizadores de datos puedan equilibrarse. De esta forma conseguiremos promover la economía ligada a la reutilización de datos, generando nuevos productos y servicios que aporten valor a la sociedad, y respetando al mismo tiempo los derechos de los ciudadanos.