Since ICT involves the use of personal data from different types of data subjects, it is highly recommendable to hear the voices of the representatives of the collectives involved so as to ensure that the Data Protection by Design policies(see the “Data protection by design and by default”subsection in the “Main Concepts” section of the General part of these Guidelines) are in line with their interest, rights and freedoms. Organizing some preliminary discussions with those representatives ensures the implementation of a bottom-up framework that could be very helpful to this purpose.
| Checklist: Project Understanding |
| ☐ The use of data gathered through social networks does not promote scenarios that are incompatible with the EU fundamental values.
☐ The ICT development does not involve a disproportionate use of personal data gathered through social networks ☐ The controller ensured that the team members processing personal data have been\are adequately trained on the Developer Policy corresponding to the social network from which data will be extracted, and the key concepts on data protection issues ☐ Adequate assessment tools on data protection have been implemented from the very beginning of the project ☐ The roles played by all different agents involved in the data processing have been adequately clarified through the corresponding agreements and the controller can provide evidence on this. ☐ The ICT developer is well aware of the terms of use of the data gathered from the social networks ☐ The representatives of the key collectives involved in the data processing have been consulted on the impact of the use of the gathered data and the concrete social network selected. |