What does this mean for cookies?
EU member states cannot generally prohibit organisations' legitimate and necessary but unauthorised processing of personal data where the information is not stored in specified public sources, the European Court of Justice (ECJ) has said. The ECJ said that national rules that broadly exclude data processing in non-specified …
somebody paid a LOT in lobbying/bribes for this one.
Seriously what on earth is this article about, for those of us who have only an interest in data protection rather than have made a living out of it.
The right of free movement of data?
Tell that one to the RIAA
I'm betting that there's a lot more public data out there than we think. But if somebody puts together several public databases, and sells the results, is that assembly still public data?
"legitimate interest of the data controller or of the third party or parties to whom those data are disclosed,"
Here's hoping that making profit isn't considered to be a legitimate interest but I doubt it.
Not discriminating between public and private sources is a good thing
if they are both protected, rather than both unprotected. I don't want my details used by (for example) direct marketers whatever their source.
So who decides...
...what a 'Legitimate Interest' is?
Public and private data should not be treated the same. Let's say you have two phone numbers: One is public (in the phone book) and the other is private (unlisted). According to this ruling, people have as much right to share and use your private number as your public number. It means marketing firms can use both of them, with no regards of your wishes. It means things like the Telephone Preference Service, and the Telecommunications Act are both effectively overruled (as if anyone bothers with them anyhow) and it means businesses have been given a green light to accumulate private data as well as public without your consent.
There are times the EU and the ECJ do something brilliant. Then there are times with things like this happen...
"the right of free movement of data"
That's a new one, never heard of that before... wonder who's words were stuffed in that politicians mouth and how much they paid for it?
...what does all this guff mean?
when is data public?
It seems to me that a public data store is one that is available, whether openly or via a restrictive contract, outside the organisation hosting the data store.
It follows that whilst an organisation may navel gaze at the data to it's heart's content, publishing the output of any data processing will ultimately fall foul of the directive if PII rules are broken.