Statement: Signifies the agreement to the processing of personal data related to an individual

Rationale: 

Privacy refers to any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Additionally, it refers to ensuring that the vast amounts of citizens' personal data held and processed by public bodies are protected by complying with the applicable legal framework.

A relevant aspect to consider when focusing on the application of privacy is full compliance with GDPR Regulation.

Implications: 

The controller shall implement appropriate technical and organisational measures to ensure and be able to demonstrate that processing is performed according to this Regulation. Those measures shall be reviewed and updated where necessary.

Member States, the supervisory authorities, the Board and the Commission shall encourage, in particular at the Union level, the establishment of data protection certification mechanisms and data protection seals and marks, for the purpose of demonstrating compliance with this Regulation of processing operations by controllers and processors.

All interoperability layers need to consider and foresee the implementation of mechanisms to achieve GDPR compliance.

Principle Source: Security and Privacy Underlying Principle (8) of European Interoperability Framework (EIF)

Principle Source URL: https://joinup.ec.europa.eu/collection/nifo-national-interoperability-f…

Scope: Business Agnostic

Category: Digital Public Service Design

Interoperability Layer: Legal IoP, Organisational IoP, Technical IoP

PURI: http://data.europa.eu/2sa/elap/privacy