Privacy Not permitted to identify a natural person

GDPR Recital 57 Not permitted to identify a natural person

If the personal data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the data controller.

author avatar
Richard V

You may also like

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
29 November, 2020

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.3  Risks to free flow of personal data within the Union 44. Where the objection will refer to this particular risk, the CSA will need to clarify why it …

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
29 November, 2020

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.2  Risks to fundamental rights and freedoms of data subjects 39. The issue at stake concerns the impact the draft decision as a whole would have on the data …

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679
29 November, 2020

Guidelines 9/2020 on relevant and reasoned objection under Regulation 2016/679 Paragraph 3.2.1  Meaning of “significance of the risks” 35. It is important to bear in mind that the goal of the work carried out by SAs is that of protecting …