The new personal data regulation is good news for individuals – as there will be more and strengthened rights. This is, for instance, the right to rectification, deletion and blocking of your personal data and the right to data portability. In short, this means overall that you to a higher degree can keep control of your personal data, and ultimately you will feel more confident when giving your personal data to others.
In this blog post, I will elaborate on what these rights will mean for the individual and under which circumstances you as an individual is entitled to exercise them.
The right to rectification
The right to have your personal data rectified entails that you can have your personal data rectified which, for example, a company has registered about you, if your personal data are incorrect, or if they are incomplete. This scenario may become relevant, if you is listed with a wrong address at Post Danmark, or if your insurance company has got possession of incorrect information about your health conditions and consequently has increased your premium.
The right to deletion (“the right to be forgotten”)
The right to deletion – popularly called the right to be forgotten – entails that you can demand that your personal data are released to you, for instance, from the company which processes them, and at the same time demand that the company deletes your personal data.
Furthermore, the company which has made your personal data publicly available (e.g. on the internet) is obliged to inform others which process the data that you have requested the data to be deleted. For example, if you have requested Google to delete an old school photo of you which turns up when you google your name, Google must delete both this photo from its search results and take all reasonable precautions to ensure that all those who have had access to the photo and who now use it are told that you wish the photo deleted.
However, no right without an exception: This right may be limited if, among other things, the regard for the freedom of speech goes against the exercise of this right. Also if Google can argue that based on the freedom of speech, they also shouldn’t delete your old school photo then they will not be subject to “the right to be forgotten”. It will be up to Google or other companies to make this evaluation, however, they will be heavily fined if it subsequently is assessed that they have made the wrong decision.
The right to blocking
The right to blocking enables you to block a company’s further processing of your personal data. This means that your personal data are held “hostage” until 1) you consent to further processing, or 2) the processing is necessary for completion of a legal claim to protect another individual’s rights or for the sake of important public interests.
In addition to this, the right serves as an alternative to the right of deletion – which means that you can choose to block the company or the authority’s possibilities of using your personal data instead of demanding deletion.
The right to data portability
As part of the principle that individuals should feel more control and secure when their personal data are processed, the right to data portability has been introduced. Under this right, you as an individual have the right to have your personal data released and transferred from one company to another. For instance, one could imagine a person who wants to use Dating.dk instead of Match.com. This person would then be able to request Match.com to transfer all the personal data that they have stored to Dating.dk. Match.com must not block or hinder the transfer of the data to Dating.dk despite that it is unattractive for them to transfer the data to a competitor.
Who to contact?
If you wish to exercise one of your above rights, you just have to contact the company or the authority which processes your personal data. For instance, you can via Google obtain a form which you will have to fill in and send to them if you wish to exercise your right “to be forgotten”. Alternatively, some companies will actually in future have a Data Protection Officer who will handle these enquiries. Please be aware that the Personal Data Regulation will not become effective until 2018.
