Skip to main content

Research Repository

Advanced Search

What does it mean for a data subject to make their personal data "manifestly public"? An analysis of GDPR Article 9(2)(e)

Dove, Edward S; Chen, Jiahong

What does it mean for a data subject to make their personal data "manifestly public"? An analysis of GDPR Article 9(2)(e) Thumbnail


Authors

Edward S Dove

Jiahong Chen



Abstract

• This article investigates an under-discussed and potentially significant provision in the EU General Data Protection Regulation (GDPR), namely Article 9(2)(e), which permits processing of special category personal data if the “processing relates to personal data which are manifestly made public by the data subject”.
• This provision may be of increasing interest to data controllers in a variety of cloud-based, internet-related, and/or social media contexts. We specifically consider the application of this provision in the context of genetic data and open data sharing (i.e. data that can be freely used, re-used, and redistributed by anyone), illustrating this by way of several cases of initiatives that seek to share genetic data. We query whether by uploading one’s own genetic data onto the internet, a person has made their data “manifestly public” within the meaning of the GDPR.
• Our response to this query is that in general, the answer should be no, but it remains possible. We argue that Article 9(2)(e) must be construed narrowly; outside of clearly defined contexts, it would be legally inappropriate to invoke and rely upon this manifestly public self-disclosure exception in data protection law. Our narrow interpretation of the provision aligns with the limited guidance made available from data protection authorities. As part of this argument, we propose a legal test that must be satisfied before

Citation

Dove, E. S., & Chen, J. (2021). What does it mean for a data subject to make their personal data "manifestly public"? An analysis of GDPR Article 9(2)(e). International Data Privacy Law, 11(2), 107-124. https://doi.org/10.1093/idpl/ipab005

Journal Article Type Article
Acceptance Date Jan 12, 2021
Online Publication Date Feb 23, 2021
Publication Date 2021-04
Deposit Date Jan 22, 2021
Publicly Available Date Feb 23, 2021
Journal International Data Privacy Law
Print ISSN 2044-3994
Electronic ISSN 2044-4001
Publisher Oxford University Press
Peer Reviewed Peer Reviewed
Volume 11
Issue 2
Pages 107-124
DOI https://doi.org/10.1093/idpl/ipab005
Keywords Article 9(2)(e); EU data protection; General Data Protection Regulation; genetic data; open data sharing; special category personal data 2
Public URL https://nottingham-repository.worktribe.com/output/5251438
Publisher URL https://academic.oup.com/idpl/article/11/2/107/6146670

Files





Downloadable Citations