Data subjects can invoke numerous rights related to their data, which are described in full detail in the corresponding section (see the Data Subject Rights section in the General Part of these Guidelines). In general, developers should do their best to design the device or tool in a way that will respect users’ rights and also help users to exercise them. This can be done, for instance, by implementing a simple way to access data or by developing technical measures to aid the right to portability. However, restrictions on the rights and obligations provided for in the Proposal for an ePrivacy Regulation and/or in the GDPR are possible, when they constitute a necessary, appropriate and proportionate measure within a democratic society for certain objectives. In general, devices using geospatial data should enable their users to obtain access to their data in a human readable format and allow for rectification and erasure without collecting excessive personal data.
Some concrete tips to facilitate the implementation of rights
|Right of access||Data is often stored in a highly diversified form, making it difficult to access, especially for an unskilled data subject.||Provide a functionality to display all data related to a data subject. If there is a lot of data, it can be split into several screens. If the data is too large, offer the person the possibility to download a file containing all their data.
As regards location or proximity data, controllers may allow data subjects to access the information in usable formats such as in maps visualizations, in case they already use such formats
|Right to rectification||On some occasions, the data collected by the device will not be accurate. Data subjects must be able to rectify such data.||Allow direct modification of data in the user’s account (if applicable and/or possible). Provide advice on why it might not be advisable under some circumstances.|
|Right to erasure||Data subjects have the right to have their personal data deleted. However, this right may be limited under certain specific circumstances. Furthermore, users should be aware of the technical implications of a general deletion of the data. Thus, controllers must allow data subjects to erase only those data to which the right applies and introduce some information prior to allowing them proceed.||Provide a functionality to erase all data relating to an individual to which the right to erasure applies (and only to those data). In addition, provide for automatic notification to data processors to also erase such data. Provide for the deletion of such data in backup copies, or provide an alternative solution that does not restore deleted data relating to that person. Introduce a functionality that always alerts the user to the consequences of deletion.|
|Right to restriction of processing||It is often in the interest of data subjects that data of a particular type is not processed. The tool should be adapted to their preferences if the conditions of article 18 of the GDPR apply.||Provide a functionality that allows the data subject to object to the processing of specific personal data. When data subjects exercises their right to object in this way, the tool must delete the data already collected and must not subsequently collect any more such data.|
|Right to data portability||Users should be able to receive the personal data they have provided to the controller from the device without advanced technical skills. They also have the right to have their data transferred to another controller (that is, provider of another service). Note: this does not include data gathered through other means like external sources or through analytical or inference processes.||Provide a function that allows the data subject to download their data in a standard machine-readable format (CSV, XML, JSON, etc.).|
It is necessary to mention that the ePrivacy Regulation includes additional rights such as confidentiality of communications, calling line identification, or rights specifically targeted at location data other than traffic data (See chapter III of the Proposal). Controllers should ensure that the tool does not enable a violation of such rights by introducing measures devoted to limit the use of geospatial data if this is not essential for the service. For example, “regardless of whether the end-user has prevented access to the terminal equipment’s Global Navigation Satellite Systems (GNSS) capabilities or other types of terminal equipment based location data through the terminal equipment settings, when a call is made to emergency services, such settings may not prevent access to GNSS such location data to determine and provide the caller calling end-user’s location to emergency services an organization dealing with emergency communications, including public safety answering points, for the purpose of responding to such call” (ePrivacy Regulation, article 13.3).
|Checklist: Rights of the users
Users are able to exercise their rights via the application.
If the tool has been designed to work on proximity data, it cannot be used to draw conclusions on the location of the users based on their interaction and/or any other means.
If the tool has been designed to work on location data, it cannot be used to draw conclusions on the interaction of the users with other people.
If data are used for compatible purposes, the controller has performed the compatibility test.
If the controller wishes to use the data for a purpose other than that initially sought, the tool is designed to ask users for permission.
1See Article 15 of the ePrivacy Directive and Article 23 GDPR. ↑
3This checklist has been built on the basis of the EDPB, Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak Adopted on 21 April 2020 ↑