What rights users have under the GDPR?

 What rights users have under the GDPR?

GDPR - online privacy

Today we will talk about an important topic in digital marketing, the General Data Protection Regulation (GDPR). It is the strongest privacy and security law regarding the collection, the use and the storage of personal data from individuals who live in the European Union. Let’s see what rights the set up of GDPR provides to all users.



Transparency and information


First of all, users should be informed about the way their personal information is collected and the use of it. On a website, it could be a simple message mainly regarding the use of cookies, from what the user has to accept and give his consent. In addition to that, the user must be able to click on a link that redirects to the company’s private policy. He also has the right to manage the settings and choose what type of information he wants to give. 


cookies message

Users must be aware that they have the right to ask the nature and the goals of the data that the website will process. When your data is collected, they have to know those elements:

  • The identity and contact details of the website’ publisher

  • Legal basis regarding the process of collection and the purposes

  • The country where your data is collected and will be used

  • The role and the interests of any third parties

  • Any recipients of personal data

  • If the company have the intention to transfer your data for instance to another country

  • The length of time your data will be kept and stored

  • Be aware of your rights to rectify and erase your information

  • Be aware of your right to withdraw your consent

  • Be aware of the relevant authority in order to complain

  • If the collection of your data is a contractual requirement

  • Be aware of any profiling techniques and any types of marketing practices



Access

Secondly, any user has the right to access their data. GDPR is all about transparency, therefore as a user, you have the right to ask for a copy of all the data a website may have on you. In order to be able to ask for it, the company needs to make available to users a form for Data Requests. Then, the website needs to explain all the steps you have to follow to collect your data copy.

Google Data Request

Rectification and/or deletion

Users have the right to change, rectify or erase the personal information they provide to a company when they believe that their data are no longer relevant or accurate. If a company keeps incorrect data, the privacy of users will be threatened and therefore not quite respected. It could be a problem if you want to call a user but he changed his number and now another person has this number but he didn’t agree to be contacted by your company. Thus, every two years, companies have been recommended to ask again about their database in order to know if their users still consent or if some of them want to be deleted. 



Objection and avoidance to automated individual decision-making


Users have the right to object to companies’ data processes especially when it is related to direct marketing practices. Here is a concrete example. A consumer should complain when he unsubscribes several times to your newsletter but the company continues to send him those emails.

Besides, if companies need to use automated decision-making, they have to describe those practices simply and understandably, and inform their users.



Restrictions


Users have the right to request a restriction regarding the process of using data under certain conditions:

  • User contests the data’ accuracy

  • User objects to an illegal process and wants the company to limit the process rather than erasing all the data

  • The company does not need to process that data but they need to keep it regarding the establishment, exercise or defence of a legal claim.


Following this type of request, companies must stop processing users’ data as long as they requested it while respecting the conditions quoted below.



There are, actually, a lot of rights for users under the General Data Protection Regulation. However, it is important to inform both companies and users of their respective obligations and rights. On one hand, a lot of companies do not yet respect users’ privacy. And on the other hand, some users and consumers don’t know that they have the right to be informed, the right to access their personal information, the right to change or erase their data, the right to restrict the process and the right to object and avoid automated profiling and decision-making.


#GDPR #privacy #data #protection #laws


Emma Griffon


General Data Protection Regulation (GDPR). n.d. General Data Protection Regulation (GDPR) – Official Legal Text. [online] Available at: <https://gdpr-info.eu/> [Accessed 11 April 2021].


i-SCOOP. n.d. Data subject rights under GDPR - the fundamental and contextual rights. [online] Available at: <https://www.i-scoop.eu/gdpr/data-subject-rights-gdpr/> [Accessed 11 April 2021].


Nicole O., 2021. The Eight User Rights Under the GDPR - Privacy Policies. [online] Privacy Policies. Available at: <https://www.privacypolicies.com/blog/gdpr-eight-user-rights/> [Accessed 11 April 2021].

Comments

  1. Hi Dubchies !

    It's nice to read for once an article that tells us about GDPR from the users’ side.
    Reading your article reminds me of the scandal that everyone heard about Facebook and the disclosure of personal data of 2.7 million of its European users to the British firm Cambridge Analytica .

    The European Commission had then adopted new measures that included that all companies had to obtain "explicit consent" from customers, if they want to transmit their personal data to a third party or if they prefer to make a use other than the one initially intended.

    If you have any tips on how to better protect my data on Facebook, please feel free to reply!

    #dubchies #bigdata #protection #safety #marketing

    ReplyDelete
    Replies
    1. Hi Maudy!

      It should be noted that behind this scandal, this famous data analysis firm that had worked for the presidential campaign of Donald Trump in 2016, had recovered the personal data of Facebook users without their knowledge, via a psychological testing application.

      We must therefore be careful, remember that some third-party applications allow access not only to the data of users who have used the application but also to those of their friends. This explains the very high number of people potentially concerned by this scandal.

      Following your request, we have just found a very interesting article with a video on the Facebook blog which will explain you in 3 points how to better protect your data:
      https://www.facebook.com/watch/?v=10155778358606886

      Have a nice viewing!

      And to remind you again, even if it seems long to read, take the time to read the use of your data when you go on a website!

      The dubchies !

      Delete
  2. Hi Dubchies,

    I really like your article! This is an important subject but sometimes complicated and your article really helped me

    ReplyDelete
  3. Hi,

    This article is so accurate, this is something that I do not think about often. I know that I have rights, but I do not think of asking a website which data they have on me. I changed my phone number two years ago and I still have some companies that call me and ask for the previous owner of the number, which means that I never gave my consent for them to call me. However, most of them do not hang up when I tell them that I am not that person, they try to sell me their product anyway. Now, I will know that I can tell them that they do not have my consent and that they have to delete my contact.

    Thanks for the highlight on my rights as a user!

    Anaïs

    ReplyDelete

Post a Comment