Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)
- Categories Blog, Business, Design / Branding, Free Data Protection Resources
- Date September 7, 2020
Guidelines on Data Protection Officers (‘DPOs’) (wp243rev.01)
Paragraph 2.1.4 Regular and systemic monitoring
The notion of regular and systematic monitoring of data subjects isnot defined in the GDPR, but the concept of ‘monitoring of the behaviour of data subjects’is mentioned in recital 2415and clearly includes all forms of tracking and profiling on the internet, including for the purposes of behavioural advertising.However, the notion of monitoring is not restricted to the online environmentandonline tracking should only be considered as one example of monitoring the behaviour of data subjects.
WP29 interprets ‘regular’ as meaning one or more of the following:
-
Ongoing or occurring at particular intervals for a particular period
-
Recurring or repeated at fixed times
-
Constantly or periodically taking place
WP29 interprets ‘systematic’ as meaning one or more of the following:
-
Occurring according to a system
-
Pre-arranged, organised or methodical
-
Taking place as part of a general plan for data collection
-
Carried out as part of a strategy
Examplesof activities that may constitute a regular and systematic monitoring of data subjects: operating a telecommunications network; providing telecommunications services; email retargeting; data-driven marketing activities; profiling and scoring for purposes of risk assessment (e.g. for purposes of credit scoring, establishment of insurance premiums, fraudprevention, detection of money-laundering); location tracking, for example, by mobile apps; loyalty programs; behavioural advertising; monitoring of wellness, fitness and health data via wearable devices; closed circuit television; connected devices e.g. smart meters, smart cars, home automation, etc.
You may also like
Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.3 Risks to free flow of personal data within the Union 44. Where the objection will refer to this particular risk, the CSA will need to clarify why it …
Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.2 Risks to fundamental rights and freedoms of data subjects 39. The issue at stake concerns the impact the draft decision as a whole would have on the data …
Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.1 Meaning of “significance of the risks” 35. It is important to bear in mind that the goal of the work carried out by SAs is that of protecting …