| ID | 1.5.2 |
| Title | Legal requirements Privacy - Sensitive data |
| Expert | Serge Gutwirth (VUB) Christoph Schnabel (UOK) |
| Priority | mandatory |
| Description | Sensitive data is any "personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and data concerning health or sex life." Since information about increased font size or preferred audio output because of bad sight must be considered health data, the rules for sensitive data are important for SPICE. To legitimise the processing of personal data the data subject must give explicit consent, which is an even higher standard than "unambigious consent". The processing of sensitive data can only be legitimised by law if - it is necessary to protect the vital interests of the data subject. - it is necessary for the establishment, exercise or defense of legal claims. - it is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of health-care services. If personal and sensitive data are mixed the higher standard of protection for sensitive data is applicable for the mixed data. Whenever sensitive data is being processed the above mentioned even stricter requirements for the processing of personal data are applicable. |
| Rationale | Relevant to assess the lawfulness of operation of SPICE |
| Type | non-functional |
| Depends on | 1.5.0 - General Legal requirement-completeness and comprehensiveness of regulatory requirement is impossible. |
| Child dependencies | 1.4.1 - User's Privacy rules (Open market) 1.4.3 - Portability of user profile 3.1.3 - User rules 3.1.4 - Terminal Synchronization 4.1.5 - Management and Provision of Service and Situation-dependent User Data 4.2.1 - Discovery and Exchange of Distributed Context Information; subscription and polling 4.2.2 - Gathering, Aggregation and Interpretation from Multiple Distributed Context Sources, derivation of knowledge 4.2.3 - Context Queries based on Semantic Context Schema and QoC 4.2.10 - Access, Storage, Processing and Distribution Rights 6.3.2 - Privacy rules for special cases 7.3.1 - User Policies and Provider Policies 8.1.1 - Restricted and parametrizable access to user profile/ data 8.1.5 - No user location tracking w/o user's explicit consent |
| Environment | |
| Other_info | |
| Category | regulatory |
| Subcategory | Privacy |
| Subcategory2 | |
| Scenario_scene | unified.scene5 |
| SPICE_value | |
| Demo | |
| Keywords | privacy;data protection |
| Home |