1 / 17

Fate of Personal Data After Decease - Hungarian DPA's Recommendation

Explore the Hungarian National Authority for Data Protection and Freedom of Information's perspective on the publication and protection of personal data of deceased individuals. Discover the legal issues and potential solutions for safeguarding personal data in online environments.

ajake
Download Presentation

Fate of Personal Data After Decease - Hungarian DPA's Recommendation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Ide kerülhet az előadás címe Dr. Attila Péterfalvi President, Hon. Univ. Prof Fate of our personal data after decease Ide kerülhet az előadás címe

  2. INTRODUCTION • The Hungarian National Authority for Data Protection and Freedom of Information received a complaint in August 2015 from an anonymous person. • The complainant informed the Authority about a sad incident that happened between a Hungarian woman and a foreign man. • The woman and the foreign man got to know each other on Facebook. They have never met in real life. • The man wanted to convince the lady to get divorced from her present husband and marry him instead. • When the husband learned about the secret online relationship of his wife, he murdered her, their children than committed suicide.

  3. After thishorrible tragedy, the foreign national man contactedsomeHungarian tabloid newspapers and revealed his relationship with the murderedwoman. • Moreover, he posted to his Facebook profile some conversations with the woman, andalso intimate photos of the woman. • These were public posts, anyone could look up them.

  4. Question of the anonymous complainant: What is the Authority’s standpoint about the publication of personal data of the deceased? • The legal problems arising from the case can affect the interests of many people in the future. • Our online presencebecomes more and more significantpresentdays: socialmedia, forums, chat, blogs, online games etc. • The Authority decidedon 11. November 2015 to publish a recommendation on the topic: Faith of personal data after death (NAIH/2015/4998/V).

  5. On the generalprotection of personal data • Personal data concept of the Hungarian Privacy Act (3. § 1.): any data relating to the data subject (name, identification number, other factors, conclusion drawn from the data). • Personaldata can be processed when data subject has given prior consent, or it is decreed by the law(5. § (1)). • According to the general interpretation of the Privacy Act, the right to protection of personal data (right to information self-determination) only grantedto the living.

  6. Faith of personal data after decease • There are other statutory norms governing the protection of the personal data of the deceased. • However, it is rather unclear in many situations what happens to the already processed personal data when the data subject dies. • This problem is especially unclear in online environments, when data processing is based on the consent of the data subject, which was given before he/she passed away.

  7. Some effects of the deceased’s personal data to the descendents • The obligation to protect the data after the person's death does not cease completely. • Processingthe deceased's data or its disclosure can affect the descendants' privacy as well. • The Privacy Act does not currently authorize the relatives to control personal data associated with the deceased person (such as deletion of the processed data, rectification etc.) • But: • Thereare related provisionsin the Hungarian Civil Codeinthesocalled‚right of reverence’ (2:50. §).

  8. Provisions of the Hungarian Civil Code: ‚the right of reverence’ • If any infringement of the memory of the deceased occurs, the relatives or successormayseekremedyin front ofthe court. (Civil Code2:50. § (1)) • The infringement of the memory of the deceased needs to be examined in the light of personal rights while he/she was still alive. • The abovementionedpossibilityonlycomplieswiththesituation, whenthememory of thedeceasedwasviolatedthroughdataprocessing.

  9. Hungarian DPA’s opinion on extending data protection rights to the descendents • The social purpose of the protection of personal data would not be compatible with such a provision, that would extend the deceased’s data protection rights on the relatives and successors (e.g.: right to information). • However, deletion of these data has currently no statutory legal basis too. • The only possibility for relatives if the data controller (e.g.: an online service provider) provides an opportunity for the deletion under the terms of use:

  10. We drew attention in our recommendation that the established contract (terms of use) between the data subject and the data controller is typically terminated after the person's death. • With the termination of the contract, the purpose of the processing of personal data is also eliminated. • Therefore in principle, the data related to the deceased person should be deleted as well. • But: In most situations data controllers are not aware of the data subject’s death.

  11. Hungarian DPA’s recommendation • The Hungarian DPA considers that it may be necessary in the future to create a new plea based on the law that regulates data procession based on consent related to the deceased person. • This plea would allow the deletion and termination of such data by relatives and successors. • This may be necessary because the service provider typically cannot verify that by the death of the concerned person, the purpose of the processed data has already ceased. • This right, however, should not include the right to access to the deceased person's user profile and stored privacy (such as private correspondence).

  12. How to practice the new right • This right should be exercised only by the relatives and successors of the deceased by proving their family membership,thedeath of thedatasubject and by properly identifying the data provided by the deceased person. • The requests to delete personal data should only affect the data which the deceased has provided in relation to the service of the data controller. • Data created by third party in connection with the deceased cannot be affected: for example (nonmemory-infringing) photos published by a third person.

  13. Consequences of the Hungarian DPA’s recommendation • The DPA called the Hungarian Minister of Justice toexaminethe possibility of creating a legal basis and procedure, which grant the deceased's relatives and successors these special rights. • The Ministry of Justice examined the possibility and elaborated a possible legal background. • According to the concept, there are two possibilities regarding the personal data of the deceased: • If the deceased made a testimony in his/her life in a form of an authentic instrument or private document with full probative value. In this case the relatives and successors can practice data protection rights.

  14. 2. If no „last will on personal data” is available, than rectificationordeletion can be requested by the relatives from the data controller undertwocircumstances: • If data processing was illegal even in the data subject’s life or, • When the purpose of the data processing has ceased with the death of the data subject. Possible onlywith the necessary documentsprovided: death certificate, ID of the relative.

  15. Deadline for exercising the right The deadline for exercising the above mentioned rights would be 5 years after the death of the data subject! Applies for both circumstances: 1. if the data subject has a ‚last will on personal data’ 2. and also if he/she did not have one.

  16. Recommendation about a procedure incase ofparallel claims • The Hungarian DPA also recommended the Ministry of Justice to elaborate a procedure in cases when there are more claims on behalf of the relatives. • If there are more than one requests on behalf of the relatives: • The data controller must inform the later requester about the measures taken. When the later requester disagrees, than may seek remedy by the court. • If the data controller receives more requests at the same time and no measures have been taken yet regarding the data, than the data controller must suspend the procedure and should inform the requesters that they can turn to the court. • However, theMinistryprefers a „firstcomefirstserved” solution.

  17. Thank you for your attention! Dr. Attila Péterfalvi H-1125 Budapest, Szilágyi Erzsébet fasor 22/c. H-1530 Budapest, Pf. 5. Tel.: +36 391-1400 Fax: +36 391-1410 attila.peterfalvi@naih.hu ugyfelszolgalat@naih.hu www.naih.hu

More Related