Talk:General Data Protection Regulation
This is the talk page for discussing improvements to the General Data Protection Regulation article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
A news item involving General Data Protection Regulation was featured on Wikipedia's Main Page in the In the news section on 26 May 2018. |
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
This article is written in British English, which has its own spelling conventions (colour, travelled, centre, defence, artefact, analyse) and some terms that are used in it may be different or absent from other varieties of English. According to the relevant style guide, this should not be changed without broad consensus. |
Archives (Index) |
This page is archived by ClueBot III.
|
Claim Doesn't Seem to be Supported by Reference
editAt the beginning of the article it says: "The regulation became a model for many national laws outside the EU, including United Kingdom, Turkey, Mauritius, Chile, Japan, Brazil, South Korea, Argentina and Kenya. The California Consumer Privacy Act (CCPA), adopted on 28 June 2018, has many similarities with the GDPR." the reference for that is number 2 which is an article on the sites advisera.com titled "The differences between the California Consumer Privacy Act and the GDPR" about the CCPA but as far as I could see doesn't mention any other nations. Did I miss something in that article or is there another source to support this claim? I believe it is true but would like to see a solid reference for it. --MadScientistX11 (talk) 23:16, 15 October 2021 (UTC)
- I think this is an attempt to promote some of the other laws. Are any of these places publicly stating they are 'going to seek GDPR as a basis for their privacy law', or be 'on par' with it, or 'GPDR style compliance etc'. CaribDigita (talk) 23:15, 2 March 2024 (UTC)
Content imported from another Wikipedia page
editContent at General Data Protection Regulation#Risk-based approach has been imported from Draft:Risk-based approach in the GDPR by an inexperienced editor without any annotation in the edit summary. Advice has been left at User talk:Elena2341#Marking edits as minor, and a new section at Draft talk:Risk-based approach in the GDPR.--Rocknrollmancer (talk) 21:42, 5 May 2022 (UTC)
"Risk Based Approach"
editIndustry lawyers have for a long term advocated that the GDPR would have a "risk based approach". This is not correct, while some articles of the GDPR do refer to risk (e.g. Article 32 GDPR on security), the notion that the entire law should only be complied with if there is a "risk", is not correct. The relevant section of the Wikipedia article is only referring to one (!) source, not the any element of the law. It should be deleted. Maxschrems (talk) 19:11, 21 January 2023 (UTC)
Privacy and data protection
editThe terms "privacy" and "data protection" are currently used synonymously in this article, but it may be helpful to mention that data protection and the right to privacy are considered distinct concepts in EU law. The GDPR is largely concerned with protecting individuals from the potential harms arising from the automated processing of personal data relating to them, i.e., ensuring that personal data used in decisions affecting individuals is "adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed" (Jon Bing calls this a "decision-oriented view of data protection"). This departs from the traditional notion of privacy, which focuses primarily on keeping private, personal matters out of the public eye. Any personal data, whether publicly available or not, can be processed to infer characteristics of specific identifiable individuals and used to make decisions that affect those individuals, and is therefore subject to data protection under the GDPR.
It is also problematic that there is currently almost no mention of the principles of adequacy and relevancy set out in Article 5(1)(c), and how these principles relate to the protection of individuals from unfair automated decisions under various circumstances. First Comet (talk) 10:16, 20 August 2023 (UTC)
Wiki Education assignment: Cybersecurity Policy
editThis article was the subject of a Wiki Education Foundation-supported course assignment, between 8 January 2024 and 30 April 2024. Further details are available on the course page. Student editor(s): Ekaman2020 (article contribs). Peer reviewers: Dcharway.
— Assignment last updated by MrLavoie (talk) 00:46, 20 February 2024 (UTC)
Is it wrong to list Facebook as an example company that's been found in breach of this law?
editIn 2023. Facebook (owned by Meta) was issued a record breaking fine by the European Union regarding this law. I included it as part of Timeline indicating how this law has made history, but another editor said company names shouldn't be listed. I contend is it wrong to list company names for having breached this law? CaribDigita (talk) 23:08, 2 March 2024 (UTC)
- I guess this is about significance. There are thousands of companies that are fined under GDPR, but a "record breaking" fine representing an egregious abuse of the law would be significant. I can't see a reason for not naming the company as such.
- I would add that GDPR's enforcement strategy is deliberately aggressive and attempts to create consistency, but there have also been well known issues with getting this in place regarding Ireland's DP authority, where many international tech businesses operate their EU personal data processing from. Depending on whether authors have time to expand the article around GDPR's development post implementation, this would also be significant information that would require mention of Facebook / Meta as a major data processor that has been held to shield under Ireland's lax or slow enforcement of GDPR.
- (Post script: I went back to the article and this is covered pretty well, some direct criticisms of the Irish DPA may be missed but most of the information is there). Jim Killock (talk) 09:08, 4 March 2024 (UTC)