Lately we are witnessing quite alarming scandals regarding privacy in social networks. And the Facebook scandal with Cambridge Analytica it…
Lately we are witnessing quite alarming scandals regarding privacy in social networks. And the Facebook scandal with Cambridge Analytica it is just one of the examples we can see if we remember.
And, in a world, as it is the computer, in which users do not usually pay for many of the things we do on the network -such as social networks, videos on YouTube or digital media- the form to sustain all this economically is advertising, or user data.
For this reason, we find it quite interesting to draw a series of articles talking about Computer Law, and telling you what rights you have about your data or what data you should never give, and today we are going to teach you exactly what are the rights you have over your personal data according to the Data Protection Law, let’s start!
The first thing at the time of beginning to train in Computer Law is to understand certain concepts that are explained in the Law and to which we are going to make reference on numerous occasions throughout the series of articles that we are going to publish. So let’s start with the basics.
You should know that in the vast world of internet, we have dissociated data, and personal data. Dissociated data are those through which you can not identify the person in question to which they belong, because they have undergone a process so that they can not be attributed to the person in particular.
Personal data is all information concerning identified or identifiable individuals. An identifiable person is anyone whose information can be determined through information related to their physical, physiological, economic or social identity. That is, personal information is what refers to you as a person, and through which you can be directly identified. To give you an example, your taste for croquettes – by itself – is not a personal fact, but your height, your DNI number or your medical history yes they are.
Within the personal data, we find three levels of protection:
Protection inferior to the ordinary one: public data of mere identification and accessible to the public, such as your name, surnames or landline number
Ordinary protection: common data, which are not of mere identification, but which are not considered sensitive data either
Protection greater than ordinary: sensitive data especially protected, which are rated, as they have an invasive potentiality of privacy. Some examples are your political and religious ideology, your medical history, or your criminal and administrative infractions.
Finally, we will define data processing as all the operations and technical procedures that allow the collection, recording, conservation, elaboration, modification, blocking, cancellation, and assignments to other companies and data organizations. resulting from communications, consultations, interconnections and transfers.
The personal data that identifies you, specifically, as an individual is yours, and the Data Protection Act includes a series of rights that users can exercise, and of which it is good that we are informed. ** At the end of the day, if we do not know, we can not defend ourselves. **
In the first place we can find the most basic of all, which is the Right of consultation in the Data Protection Registry, and which establishes that anyone can know the existence of treatments of their personal data, the purpose of the same and those responsible for the treatment.
For this, it will be enough to access the web of the Spanish Agency for Data Protection, and search in your files, entering your data. You should know that they have files of public ownership and of private ownership, Y You can perform the search in the one you want.
It is imperative that we know our rights to be able to exercise them correctly
Through this, the interested party may request and obtain free information about your personal data submitted to treatment, the origin of these and the communications that have been made or will be made of them.
This right, unlike the previous one, is exercised against the person responsible for the file, which is a private company, such as Zara, and with this we obtain the specific personal data that the person responsible for the processing has of us, but this has certain limitations.
And, we can only make a query to the same company every twelve months, unless we credit a legitimate interest. The company, for its part, has to resolve this request for access within a maximum period of one month from when it received the request, and, if estimated, You must provide this information within ten days.
Users also have the right to correct errors and to modify inaccurate or incomplete data to guarantee the accuracy of the information. But be careful, as long as the data we want to modify is, as we have said, inaccurate and incomplete, such as our age or address.
To do this, you must go to the company in question that deals with your data and write a letter that clearly indicates the wrong information, and the correction that must be made, accompanied by the documentation that justifies it.
The person in charge of the file will have to respond to the request within ten days of receiving it, even if he does not have information on the affected party – in which case he must communicate it. For this, you have available the different forms available on the AEPD website. Including also those that you must submit in case you want to request the protection of your rights -in case they do not respond within the deadline-
The right of cancellation, on the other hand, is a mechanism that allows us to defend our privacy, being able to request the elimination of our personal data, but only in case they are inadequate or excessive.
This cancellation implies the blocking of these data, that is, they will be identified and reserved to prevent them from being processed, except for making them available to the corresponding judicial bodies.
In this case, the person responsible for the file or the treatment must make the cancellation right effective in ten days. Unless, of course, there is a legal duty to preserve said data, although it may also deny such cancellation when the conservation is necessary to fulfill contractual obligations that they link him to the person requesting the cancellation.
The European Union also recognizes the right to cancel, but under the name “Right to delete”. That is, the so-called Right to Oblivion, which would allow us to obtain the deletion of data from the person responsible for the data. if they are not necessary for the purpose that justifies the treatment, or because, simply, we want to revoke the consent. A process that brought a lot of controversy a few years ago, but that we have taught you to do in front of Google.
Do you have Facebook installed? Get the best article of each day in our Page .