Open data and GDPR

Forum for discussing data insights and industry trends
Post Reply
surovy113
Posts: 210
Joined: Thu Dec 19, 2024 3:23 am

Open data and GDPR

Post by surovy113 »

Legal limits for OPEN DATA or how it goes beyond meeting the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

This analysis of the use of Open Data while meeting GDPR requirements was prepared by the law firm Nechala & Co., sro for colleagues from Finstat. We have translated it with the author's permission and are making it available.

We publish this analysis with the author's consent in order to provide legal argumentation for non-governmental organizations and journalists who process data from published registers. To this extent, the law firm Nechala & Co., sro provides consent to its use.

This analysis was prepared to answer the question of whether the processing of personal data that is part of the so-called Open Data is possible after May 25, when the GDPR regulation comes into effect.

The source of the processed personal data is public registers. These are official registers of state institutions (such as the Commercial Register, the Trade Register, etc.). The registers from which personal data are collected are both public registers available to an indefinite group of users (such as the Commercial Register, the Trade Register, etc.), and also registers that are available only upon special request car owner database and for a fee (e.g. the Central Register of Executions).

The personal data that is processed is the content of information that is freely and free of charge (exceptionally for a fee in the case of the Central Register of Executions) available to everyone under the same conditions, the so-called

open data, or Open Data. Open data is made available on the Internet in a structured form that enables its mass machine processing.2

Currently, it is possible to process personal data contained in the so-called Open Data, namely on

based on a specific legal authorisation provided for in the original Data Protection Act.3 Neither the GDPR nor the new Data Protection Act contains an explicit specific authorisation for the further processing of personal data that has already been made public. Such processing of personal data will continue to be possible, but it will be necessary to find another legal basis for it.

The basic principles of personal data processing under the GDPR include the lawfulness of processing.5

According to Article 6 of the GDPR, the principle of lawfulness is only fulfilled if one of the following is met.
Post Reply