The cost of administrative activities that businesses conduct solely in order to comply with legal obligations.
Article 29 Working Party
The Data Protection Working Party was established by Article 29 of the 'Data Protection Directive '.
It provides the Commission with independent advice on data protection matters, and helps in the development of harmonised policies for data protection in the EU countries.
An advertising based on the observation of the behaviour of individuals over time.
It seeks to study the characteristics of this behaviour through their online actions (repeated site visits, interactions, keywords, online content production etc.). From this a specific profile can be developed to provide individuals with advertisements tailored to match their interests.
Binding corporate rules
Codes of practice drawn up and followed voluntarily by multinational organisations.
These rules aim to ensure adequate safeguards for transfers of personal data between companies, which are part of the same corporate group, and that are bound by these corporate rules.
They are based on European data protection standards.
Internet-based computing whereby software, shared resources and information are on remote servers ('in the cloud').
Cloud computing describes a new consumption and delivery model for IT services based on the Internet.
Natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data Protection Impact Assessment (DPIA)
A process whereby a conscious and systematic effort is made to assess privacy risks to individuals in the collection, use and disclosure of their personal data. DPIAs help to identify privacy risks, foresee problems and develop solutions.
An identified or identifiable person to whom specific personal data relates.
It is someone who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more specific factors (physical, physiological, mental, economic, cultural, social).
Any data processed in an electronic communications network, indicating the geographic position of the terminal equipment of someone using a publicly available electronic communications service.
Personal Data breach
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
It concerns personal data transmitted, stored or otherwise processed by a publicly available electronic communications service in the Community.
Any information relating to an identified or identifiable person ('data subject') who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more specific factors (physical, physiological, mental, economic, cultural, social).
Privacy by design
Privacy by design aims to build privacy and data protection upfront, into the design specifications and architecture of information and communication systems and technologies, in order to facilitate compliance with privacy and data protection principles.
Privacy enhancing technologies (PETs)
They aim to protect privacy by eliminating or reducing personal data or by preventing undesired processing of personal data, without losing the functionality of the information system.
It either requires positive action by consumers, or should be directly included in the information systems.
Processing of personal data
Processing of personal data means any operation or set of operations which is performed upon personal data, whether or not by automatic means (for example: collection, recording, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, deleting or destruction, etc.).
The processor is the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
It usually concerns 3 types of data:
- revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership;
- concerning health or sex life;
- relating to offences, criminal convictions or security measures.
Standard contractual clauses
Legal tools to provide adequate safeguards for data transfers from the EU or the European Economic Area (EEA) to third countries.
The Commission has adopted three Decisions declaring Standard Contractual Clauses to be adequate. Companies can incorporate the clauses into a transfer contract.