Use of social media by EUIs

Snežana Srdić

DPO Meeting – 8 May 2020

squarelogo/Shutterstock.com Rob Wilson/Shutterstock.com

General considerations 1

• Effectiveness, necessity, proportionality, data protection by design and by default • Aim, tools

• Necessity, proportionality, data minimisation, purpose limitation • Processing

Evgeniy Yatsov/Shutterstock.com

General considerations 2

• Legal basis and lawfulness • Tasks, fairness

• Information, data subject rights • Transparency

• Risk assessment, obligations of controller • Accountability

Griboedov/Shutterstock.com

Planning for social media

• Data protection by design and by default • Compliance + Accountability as

project requirements

• Consider alternative solutions

• Involvement of DPC + DPO

Rawpixel.com/Shutterstock.com

Ground for lawfulness

• Legal obligation • Art. 5(1)(b)

→ unlikely

• Consent • Art. 5(1)(d)

→ rarely and may not be appropriate

Rawpixel.com/Shutterstock.com

Ground for lawfulness

• Tasks in public interest • Art. 5(1)(a)

→ Appropriate legal basis

→ Appropriate and specific safeguards

→ Transparency and rights

davooda/Shutterstock.com Rashad Ashur/Shutterstock.com

Legal basis

• Legal effects Decision power

• Clear, precise, specific/explicit provisions, providing for processing of personal data

Purpose specification

• EU legal act, internal act of EUI Form

• Within EUI‘s competencies, in matters relating to EUI‘s operation

Tasks

• Safeguards for rights Mitigating risk

• Foreseeable, transparent Publication

Brian A Jackson/Shutterstock.com