Больше
Навигация
CHAPTER I General provisions (1-4)
Article 1. Subject-matter and objectivesArticle 2. Material scopeArticle 3. Territorial scopeArticle 4. Definitions
CHAPTER II Principles (5-11)
Article 5. Principles relating to processing of personal dataArticle 6. Lawfulness of processingArticle 7. Conditions for consentArticle 8. Conditions applicable to child's consent in relation to information society services
Article 9. Processing of special categories of personal data
Article 10. Processing of personal data relating to criminal convictions and offencesArticle 11. Processing which does not require identification
CHAPTER III Rights of the data subject (12-23)
Article 12. Transparent information, communication and modalities for the exercise of the rights of the data subjectArticle 13. Information to be provided where personal data are collected from the data subjectArticle 14. Information to be provided where personal data have not been obtained from the data subjectArticle 15. Right of access by the data subjectArticle 16. Right to rectificationArticle 17. Right to erasure (‘right to be forgotten’)Article 18. Right to restriction of processingArticle 19. Notification obligation regarding rectification or erasure of personal data or restriction of processingArticle 20. Right to data portabilityArticle 21. Right to objectArticle 22. Automated individual decision-making, including profilingArticle 23. Restrictions
CHAPTER IV Controller and processor (24-43)
Article 24. Subject-matter and objectivesArticle 25. Data protection by design and by defaultArticle 26. Joint controllersArticle 27. Representatives of controllers or processors not established in the UnionArticle 28. ProcessorArticle 29. Processing under the authority of the controller or processorArticle 30. Records of processing activitiesArticle 31. Cooperation with the supervisory authorityArticle 32. Security of processingArticle 33. Notification of a personal data breach to the supervisory authorityArticle 34. Communication of a personal data breach to the data subjectArticle 35. Data protection impact assessmentArticle 36. Prior consultationArticle 37. Designation of the data protection officerArticle 38. Position of the data protection officerArticle 39. Tasks of the data protection officerArticle 40. Codes of conductArticle 41. Monitoring of approved codes of conductArticle 42. CertificationArticle 43. Certification bodies
CHAPTER V Transfers of personal data to third countries or international organisations (44-50)
Article 44. General principle for transfersArticle 45. Transfers on the basis of an adequacy decisionArticle 46. Transfers subject to appropriate safeguardsArticle 47. Binding corporate rulesArticle 48. Transfers or disclosures not authorised by Union lawArticle 49. Derogations for specific situationsArticle 50. International cooperation for the protection of personal data
CHAPTER VI Independent supervisory authorities (51-59)
Article 51. Supervisory authorityArticle 52. IndependenceArticle 53. General conditions for the members of the supervisory authorityArticle 54. Rules on the establishment of the supervisory authorityArticle 55. CompetenceArticle 56. Competence of the lead supervisory authorityArticle 57. TasksArticle 58. PowersArticle 59. Activity reports
CHAPTER VII Cooperation and consistency (60-70)
Article 60. Cooperation between the lead supervisory authority and the other supervisory authorities concernedArticle 61. Mutual assistanceArticle 62. Joint operations of supervisory authoritiesArticle 63. Consistency mechanismArticle 64. Opinion of the BoardArticle 65. Dispute resolution by the BoardArticle 66. Urgency procedureArticle 67. Exchange of informationArticle 68. European Data Protection BoardArticle 69. IndependenceArticle 70. Tasks of the BoardArticle 71. ReportsArticle 72. ProcedureArticle 73. ChairArticle 74. Tasks of the ChairArticle 75. SecretariatArticle 76. Confidentiality
CHAPTER VIII Remedies, liability and penalties (77-84)
Article 77. Right to lodge a complaint with a supervisory authorityArticle 78. Right to an effective judicial remedy against a supervisory authorityArticle 79. Right to an effective judicial remedy against a controller or processorArticle 80. Representation of data subjectsArticle 81. Suspension of proceedingsArticle 82. Right to compensation and liabilityArticle 83. General conditions for imposing administrative finesArticle 84. Penalties
CHAPTER IX Provisions relating to specific processing situations (85-91)
Article 85. Processing and freedom of expression and informationArticle 86. Processing and public access to official documentsArticle 87. Processing of the national identification numberArticle 88. Processing in the context of employmentArticle 89. Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposesArticle 90. Obligations of secrecyArticle 91. Existing data protection rules of churches and religious associations
CHAPTER X Delegated acts and implementing acts (92-93)
Article 92. Exercise of the delegationArticle 93. Committee procedure
CHAPTER XI Final provisions (94-95)
Article 94. Repeal of Directive 95/46/ECArticle 95. Relationship with Directive 2002/58/ECArticle 96. Relationship with previously concluded AgreementsArticle 97. Commission reportsArticle 98. Review of other Union legal acts on data protectionArticle 99. Entry into force and application
GDPR > Article 9. Processing of special categories of personal data
Скачать в PDF

Article 9 GDPR. Processing of special categories of personal data

1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

Руководство и прецедентное право Преамбулы
Руководство и прецедентное право Преамбулы

(51) Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin, whereby the use of the term ‘racial origin’ in this Regulation does not imply an acceptance by the Union of theories which attempt to determine the existence of separate human races. The processing of photographs should not systematically be considered to be processing of special categories of personal data as they are covered by the definition of biometric data only when processed through a specific technical means allowing the unique identification or authentication of a natural person. Such personal data should not be processed, unless processing is allowed in specific cases set out in this Regulation, taking into account that Member States law may lay down specific provisions on data protection in order to adapt the application of the rules of this Regulation for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In addition to the specific requirements for such processing, the general principles and other rules of this Regulation should apply, in particular as regards the conditions for lawful processing. Derogations from the general prohibition for processing such special categories of personal data should be explicitly provided, inter alia, where the data subject gives his or her explicit consent or in respect of specific needs in particular where the processing is carried out in the course of legitimate activities by certain associations or foundations the purpose of which is to permit the exercise of fundamental freedoms.

2. Paragraph 1 shall not apply if one of the following applies:

Преамбулы
Преамбулы

(52) Derogating from the prohibition on processing special categories of personal data should also be allowed when provided for in Union or Member State law and subject to suitable safeguards, so as to protect personal data and other fundamental rights, where it is in the public interest to do so, in particular processing personal data in the field of employment law, social protection law including pensions and for health security, monitoring and alert purposes, the prevention or control of communicable diseases and other serious threats to health. Such a derogation may be made for health purposes, including public health and the management of health-care services, especially in order to ensure the quality and cost-effectiveness of the procedures used for settling claims for benefits and services in the health insurance system, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. A derogation should also allow the processing of such personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

(53) Special categories of personal data which merit higher protection should be processed for health-related purposes only where necessary to achieve those purposes for the benefit of natural persons and society as a whole, in particular in the context of the management of health or social care services and systems, including processing by the management and central national health authorities of such data for the purpose of quality control, management information and the general national and local supervision of the health or social care system, and ensuring continuity of health or social care and cross-border healthcare or health security, monitoring and alert purposes, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, based on Union or Member State law which has to meet an objective of public interest, as well as for studies conducted in the public interest in the area of public health. Therefore, this Regulation should provide for harmonised conditions for the processing of special categories of personal data concerning health, in respect of specific needs, in particular where the processing of such data is carried out for certain health-related purposes by persons subject to a legal obligation of professional secrecy. Union or Member State law should provide for specific and suitable measures so as to protect the fundamental rights and the personal data of natural persons. Member States should be allowed to maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health. However, this should not hamper the free flow of personal data within the Union when those conditions apply to cross-border processing of such data.

(54) The processing of special categories of personal data may be necessary for reasons of public interest in the areas of public health without consent of the data subject. Such processing should be subject to suitable and specific measures so as to protect the rights and freedoms of natural persons. In that context, ‘public health’ should be interpreted as defined in Regulation (EC) No 1338/2008 of the European Parliament and of the Council [11], namely all elements related to health, namely health status, including morbidity and disability, the determinants having an effect on that health status, health care needs, resources allocated to health care, the provision of, and universal access to, health care as well as health care expenditure and financing, and the causes of mortality. Such processing of data concerning health for reasons of public interest should not result in personal data being processed for other purposes by third parties such as employers or insurance and banking companies.

[11] Regulation (EC) No 1338/2008 of the European Parliament and of the Council of 16 December 2008 on Community statistics on public health and health and safety at work (OJ L 354, 31.12.2008, p. 70). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2008:354:TOC

(55) Moreover, the processing of personal data by official authorities for the purpose of achieving the aims, laid down by constitutional law or by international public law, of officially recognised religious associations, is carried out on grounds of public interest.

(56) Where in the course of electoral activities, the operation of the democratic system in a Member State requires that political parties compile personal data on people's political opinions, the processing of such data may be permitted for reasons of public interest, provided that appropriate safeguards are established.

(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;

Комментарий эксперта ISO 27701 Связанные статьи
Комментарий эксперта
Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос
ISO 27701

ISO/IEC 27701, принятый в 2019, добавил дополнительное руководство к ISO/IEC 27002 для контролеров персональных данных (ПИИ).

Приводим соответствующий параграф к статье 9(2)(a) GDPR:

7.2.4 Получение и регистрация согласия

Средство управления

Организация должна получать и регистрировать согласие субъектов ПИИ согласно задокументированным процессам.

Руководство по внедрению

Организация должна получить и зарегистрировать согласие субъекта ПИИ таким образом, чтобы по запросу она могла предоставить подробности предоставленного согласия (например, время, когда оно было предоставлено, личность субъекта ПИИ и заявление о согласии).


для доступа к полному тексту

Связанные статьи

(b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;

Комментарий эксперта
Комментарий эксперта
Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос

(c) processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;

Комментарий эксперта
Комментарий эксперта
Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос

(d) processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;

Комментарий эксперта
Комментарий эксперта
Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос

(e) processing relates to personal data which are manifestly made public by the data subject;

Комментарий эксперта Руководство и прецедентное право
Комментарий эксперта

(EN) The European legislator introduced an exception – for special categories of personal data which are manifestly made public by a person – that seems completely logical at first glance. If a person willingly shares her/his data, it sounds reasonable to allow the processing of these data by third parties. On second thought, many questions come to mind. What does “manifestly” mean? When are data “public”? How to determine if a person intended to make her/his data public?

The exception does not concern all special categories of data publicly available. It applies strictly to data that an individual personally disclosed. It must be a publication that results from a clear and voluntary decision from an individual to disclose information about her/him. It should not be an accidental, inadvertent, involuntary or unintentional disclosure. It should be the result of a free and deliberate decision. The individual must be fully conscious that s/he made her/his data public. Thus, it excludes leaked data, data accessible after a security breach or data shared unintentionally or by inadvertence…


для доступа к полному тексту

Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос
Руководство и прецедентное право

(f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;

Комментарий эксперта
Комментарий эксперта
Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос

(g) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;

Комментарий эксперта
Комментарий эксперта
Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос

(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;

Комментарий эксперта Руководство и прецедентное право
Комментарий эксперта
Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос
Руководство и прецедентное право

(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;

Комментарий эксперта Руководство и прецедентное право
Комментарий эксперта
Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос
Руководство и прецедентное право

(j) processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

Комментарий эксперта Руководство и прецедентное право Связанные статьи
Комментарий эксперта
Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос
Руководство и прецедентное право Связанные статьи

3. Personal data referred to in paragraph 1 may be processed for the purposes referred to in point (h) of paragraph 2 when those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies.

4. Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health.

General Data Protection Regulation (EU GDPR)

The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.

Комментарий эксперта ISO 27701 Преамбулы Руководство и прецедентное право Оставить комментарий
Комментарий эксперта

Некоторые персональные данные ввиду их чувствительного характера относятся к специальным категориям в GDPR. Обработка данных, относящихся к одной из этих восьми (8) категорий, действительно представляет «значительные риски для основных прав и свобод» человека (Преамбула 51). Риски различаются в зависимости от типа задействованных данных. В первом параграфе статьи 9 перечислены все типы охватываемых данных, однако эти категории не являются легко объяснимыми. Наглядный перечень, разбитый на восемь пунктов, помогает прояснить сферу охвата положения и то, какие данные считаются «специальными» согласно европейским правилам:

  1. данные, раскрывающие расовое или этническое происхождение;
  2. данные, раскрывающие политические взгляды;
  3. данные, раскрывающие религиозные или философские убеждения;
  4. данные о членстве в профсоюзе;
  5. генетические данные;
  6. биометрические данные, используемые для идентификации человека;
  7. данные о здоровье; и
  8. данные, касающиеся половой жизни или сексуальной ориентации человека.

Данный перечень следует считать исчерпывающим, поскольку исключения должны толковаться строго.  Следовательно, никакое другое исключение не может быть допущено Судом Европейского Союза или законодательством государств-членов. Персональные данные, касающиеся судимостей и правонарушений, не упоминаются в этом перечне, так как они подпадают под другой правовой режим (статья 10).

«Специальные категории персональных данных» должны обрабатываться в соответствии с особыми правилами обработки, главным образом, в целях защиты лиц от дискриминации (Преамбула 71). Обработка специальных категорий персональных данных также может привести к физическому, материальному или моральному ущербу, включая хищение личных данных, мошенничество, нанесение вреда репутации или нарушение профессиональной тайны (Преамбула 75).

Данные, связанные с расовым или этническим происхождением, включают имена, места рождения, родные языки и даже имена родителей того или иного лица. Они считаются чувствительными, поскольку могут раскрыть происхождение человека или его этническую принадлежность.

Политические убеждения можно вывести исходя из анализа деятельности, раскрывающей политические предпочтения человека, к чему относятся членство в политической партии, подписанные петиции, мероприятия, митинги или протесты, в которых человек принимал участие. К данным, раскрывающим политические взгляды индивида также относится информация, отражающая идеи, которые он поддерживает, и, наоборот, отвергает.

К данным, свидетельствующим о том, что человек исповедует какую-либо религию или проявляет интерес к ней, относятся, например, посещение церкви, покупка религиозных книг, участие в религиозных мероприятиях или демонстрациях. Такие данные могут раскрыть религиозную принадлежность человека или свидетельствовать об отсутствии у него религиозных убеждений. Сложнее определить, что обозначает термин “философские убеждения”. Пример из английского прецедентного права демонстрирует, что таковым является искреннее убеждение, которое касается важного аспекта человеческой жизни и поведения, и которое заслуживает уважения в демократическом обществе (Grainger Plc v. Nicholson).

Особая защита данных о членстве в профсоюзе обусловлена реализацией основных прав в трудовой сфере. Отнесение данной информации к особой категории данных защищает людей от дискриминации на работе, которая может быть потенциальным следствием их профсоюзной деятельности, и сохраняет их право на ведение коллективных переговоров наряду с другими правами.

Анализ биологических образцов позволяет получить информацию об «унаследованных или приобретенных генетических характеристиках» человека [Преамбула 34 и статья 4 (13)]. Полученные генетические данные могут раскрыть информацию о происхождении, этнической принадлежности, физиологии или здоровье человека, поскольку причиной некоторых проблем со здоровьем человека являются аномалии в геноме человека.

Биометрические данные — это информация, полученная на основе различных измерений «физических, физиологических или поведенческих характеристик человека» [статья 4 (14)]. Они служат для уникальной идентификации человека, например, по отпечаткам пальцев, рисунку радужной оболочки глаза, чертам лица или модуляции голоса. Фотография не всегда классифицируется как биометрические данные. Она относится к данной категории только в тех случаях, когда при ее обработке выявляются характеристики, позволяющие однозначно идентифицировать человека (Преамбула 51).


для доступа к полному тексту

Автор
Louis-Philippe Gratton
Луи-Филипп Граттон PhD, LLM
Эксперт в Privacy
Задать вопрос
ISO 27701

ISO/IEC 27701, принятый в 2019, добавил дополнительное руководство к ISO/IEC 27002 для контролеров персональных данных (ПИИ).

Приводим соответствующий параграф к статье 9 GDPR:

7.2.2. Определение правового основания

Средство управления

Организация должна определить, задокументировать и соблюдать соответствующие правовые основания для обработки ПИИ в определенных целях.

Руководство по внедрению

В некоторых юрисдикциях организация должна иметь возможность продемонстрировать, что законность обработки была должным образом установлена до её осуществления. Правовое основание для обработки ПИИ может включать в себя:


для доступа к полному тексту

Преамбулы

(51) Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin, whereby the use of the term ‘racial origin’ in this Regulation does not imply an acceptance by the Union of theories which attempt to determine the existence of separate human races. The processing of photographs should not systematically be considered to be processing of special categories of personal data as they are covered by the definition of biometric data only when processed through a specific technical means allowing the unique identification or authentication of a natural person. Such personal data should not be processed, unless processing is allowed in specific cases set out in this Regulation, taking into account that Member States law may lay down specific provisions on data protection in order to adapt the application of the rules of this Regulation for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In addition to the specific requirements for such processing, the general principles and other rules of this Regulation should apply, in particular as regards the conditions for lawful processing. Derogations from the general prohibition for processing such special categories of personal data should be explicitly provided, inter alia, where the data subject gives his or her explicit consent or in respect of specific needs in particular where the processing is carried out in the course of legitimate activities by certain associations or foundations the purpose of which is to permit the exercise of fundamental freedoms.

(52) Derogating from the prohibition on processing special categories of personal data should also be allowed when provided for in Union or Member State law and subject to suitable safeguards, so as to protect personal data and other fundamental rights, where it is in the public interest to do so, in particular processing personal data in the field of employment law, social protection law including pensions and for health security, monitoring and alert purposes, the prevention or control of communicable diseases and other serious threats to health. Such a derogation may be made for health purposes, including public health and the management of health-care services, especially in order to ensure the quality and cost-effectiveness of the procedures used for settling claims for benefits and services in the health insurance system, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. A derogation should also allow the processing of such personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

(53) Special categories of personal data which merit higher protection should be processed for health-related purposes only where necessary to achieve those purposes for the benefit of natural persons and society as a whole, in particular in the context of the management of health or social care services and systems, including processing by the management and central national health authorities of such data for the purpose of quality control, management information and the general national and local supervision of the health or social care system, and ensuring continuity of health or social care and cross-border healthcare or health security, monitoring and alert purposes, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, based on Union or Member State law which has to meet an objective of public interest, as well as for studies conducted in the public interest in the area of public health. Therefore, this Regulation should provide for harmonised conditions for the processing of special categories of personal data concerning health, in respect of specific needs, in particular where the processing of such data is carried out for certain health-related purposes by persons subject to a legal obligation of professional secrecy. Union or Member State law should provide for specific and suitable measures so as to protect the fundamental rights and the personal data of natural persons. Member States should be allowed to maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or data concerning health. However, this should not hamper the free flow of personal data within the Union when those conditions apply to cross-border processing of such data.

(54) The processing of special categories of personal data may be necessary for reasons of public interest in the areas of public health without consent of the data subject. Such processing should be subject to suitable and specific measures so as to protect the rights and freedoms of natural persons. In that context, ‘public health’ should be interpreted as defined in Regulation (EC) No 1338/2008 of the European Parliament and of the Council [11], namely all elements related to health, namely health status, including morbidity and disability, the determinants having an effect on that health status, health care needs, resources allocated to health care, the provision of, and universal access to, health care as well as health care expenditure and financing, and the causes of mortality. Such processing of data concerning health for reasons of public interest should not result in personal data being processed for other purposes by third parties such as employers or insurance and banking companies.

[11] Regulation (EC) No 1338/2008 of the European Parliament and of the Council of 16 December 2008 on Community statistics on public health and health and safety at work (OJ L 354, 31.12.2008, p. 70). https://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2008:354:TOC

(55) Moreover, the processing of personal data by official authorities for the purpose of achieving the aims, laid down by constitutional law or by international public law, of officially recognised religious associations, is carried out on grounds of public interest.

(56) Where in the course of electoral activities, the operation of the democratic system in a Member State requires that political parties compile personal data on people's political opinions, the processing of such data may be permitted for reasons of public interest, provided that appropriate safeguards are established.

Руководство и прецедентное право Оставить комментарий
[js-disqus]