ILN Data Privacy Paper

Portugal

uniquely identifying a natural person, data concerning health and data concerning a natural person's sex life or sexual orientation. Without prejudice to the above, this prohibition does not apply if one of the exceptions provided for in the GDPR is met (cf. Article 9(2)(a)-(j) GDPR). As a rule, the processing of this kind of personal data, where permitted, is generally subject to stricter criteria of protection and/or consent. Special cases of data processing also include personal data relating to (i) children (Article 8 GDPR and Article 16 PDPL), (ii) criminal convictions and offences (Article 10 GDPR) and (iii) deceased persons (Article 17 PDPL). The PDPL also contains special provisions for specific situations, for example: Video surveillance, imposing limits on the incidence of cameras and sound recording (Article 19 PDPL); Impossibility of exercising the rights to information and access to personal data (Articles 13-15 GDPR) when the law imposes a duty of secrecy on the controller or processor that is enforceable against the data subject (Article 20 PDPL); Articulation of the protection of personal data with the exercise of freedom of expression, information and the press, including the processing of data for journalistic purposes and for the purposes of academic, artistic or literary expression (Article 24 PDPL);

Publication of personal data in official journals (Article 25 PDPL); Access to administrative documents and publication of data in the context of public procurement (Articles 26 and 27 PDPL); Processing of workers' personal data in the context of labour relations (Article 28 PDPL); Processing of health and genetic data (Article 29 PDPL); Processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (Article 31 PDPL) Additionally, and as a general rule, personal data can also be categorized according to its nature, for example: (i) identification data (i.e., name, identification number, passport number and tax identification number); (ii) contact information (i.e., email address, telephone number and home address); (iii) location data (i.e., GPS data and mobile device location data); (iv) financial data (i.e., credit card information, bank account information and financial transactions history); (v) health data (i.e., medical records, diagnoses and treatments). 3.1.3 Treatment of data and its different categories Ø Regulation of personal and non- personal data

www.mgra.pt

Made with FlippingBook - PDF hosting