Database Reference
In-Depth Information
the point of being discriminatory. The controller must ensure that only accurate
data is processed. He must keep the data up to date. These obligations of the
controller are independent from the right of the data subject to have their data
corrected or deleted. The obligation to only process accurate data may require
rectification and sometimes may even require the deletion of data.
It is necessary to take all the measures required to erase or rectify inaccurate or
incomplete data
5
. Some useful tools may be: checks at the time of collection,
periodic checks (to ensure the update of data) or the use of software to prevent the
acquisition of incomplete, irrelevant or inaccurate data. Some countries have been
faced with the need to activate a specific mechanism for updating and rectifying
the data so as not to alter public or historically valuable records. This was the case,
for instance, with the request submitted by a data subject to the Italian data
protection Authority to have his data erased from the “Baptism's Register”
6
. The
Italian data protection Authority found that it was impossible for a person data to
be erased from the “Baptism's Register”. “However, it ruled that the applicant
could lawfully claim that his religious beliefs should be reflected accurately, and it
was thus ordered that a note should be added to the register to specify that the data
subject (...) did not intend any longer to be considered a member of that religious
confession”
7
.
The importance of the quality of information also arises from other provisions
of the Directive 95/46/EC.
Firstly, according to art. 12, the data subject has the right to obtain from the
controller the access to data and where appropriate, the rectification, deletion or
blocking of data the processing of which does not comply with the provisions, “in
particular because of the incomplete or inaccurate nature of data”.
Moreover, the data subject has the right to control data relating to himself and
the controller must implement appropriate measures to guarantee the correct,
complete and accurate processing of personal data. According to art. 17 of the
Directive, “(...) the controller must implement appropriate technical and
organizational measures to protect personal data against accidental or unlawful
destruction or accidental loss, alteration, unauthorized disclosure or access, in
particular where the processing involves the transmission of data over a network,
and against all other unlawful forms of processing”.
This provision refers to the risk of data alteration and therefore to the need to
ensure the quality of the data.
The principle of quality of information and the data subject's right to access
their own data are relevant in all Member State laws on data protection.
For instance, in addition to the rights already recognized by Directive
95/46/EC, the Italian Data Protection Code (Legislative Decree 30 June 2003, no.
196) recognizes the data subject's right to request that the controller integrates and
5
Kuner (2007).
6
Italian data protection Authority, decision of 13 September 1999, decision of 25
November 2002 and decision of 30 December 2002. These decisions are available on
http//www.garanteprivacy, docc. web 1090502, 1067188, 1067171.
7
Buttarelli (2010), p. 67.
Search WWH ::
Custom Search