But the moment that data is voluntarily sent to the government, doesn’t it stop being “for personal use”? The premises for which that data was shared were broken.
Yes, but it depends on why the data was shared and who it was sent to.
So for example (assuming you’re in the UK), you discuss a crime. The other party sends a record of your communication to the police, or HMRC or whatever.
Ordinarily under Article 14 of UK GDPR, an organisation must inform a data subject that they have received their data from elsewhere, why they have it, what they intend to do with it etc.
However, there are numerous exemptions in the Data Protection Act (particularly Part 3 - Law Enforcement) and Schedules 2, 3 and 4 that would exempt an organisation from even telling you they have your data in the first place.
However, the “personal use” aspect still stands for the originator of the data. Don’t think of personal use as an exemption. It isnt, its more accurate to say that it is beyond the scope of UK GDPR, ie it isn’t covered at all. There is no exemption because one isnt needed, GDPR simply does not cover data being processed for personal reasons.
Think of another example. We work together and in confidence you tell me about a medical condition. If you told me because we are friends, then I’m free to tell whoever I want (corporate policies aside). However if you told me because I am your manager, then when I received the information I was acting in an official capacity on behalf of the organisation. Now if I chose to share that information with Occupational Health for instance, that woild probably be lawful. However if I emailed your colleagues and told them anything other than “he will be off work because he is ill” then that woild be a breach that the company would be liable for.
GDPR doesnt apply to data being processed by individuals or groups for personal use, the “household exemption”.
If you’re part of a conversation then the other person also “owns” the conversation and can decide what to do with it.
But the moment that data is voluntarily sent to the government, doesn’t it stop being “for personal use”? The premises for which that data was shared were broken.
Yes, but it depends on why the data was shared and who it was sent to.
So for example (assuming you’re in the UK), you discuss a crime. The other party sends a record of your communication to the police, or HMRC or whatever.
Ordinarily under Article 14 of UK GDPR, an organisation must inform a data subject that they have received their data from elsewhere, why they have it, what they intend to do with it etc.
However, there are numerous exemptions in the Data Protection Act (particularly Part 3 - Law Enforcement) and Schedules 2, 3 and 4 that would exempt an organisation from even telling you they have your data in the first place.
However, the “personal use” aspect still stands for the originator of the data. Don’t think of personal use as an exemption. It isnt, its more accurate to say that it is beyond the scope of UK GDPR, ie it isn’t covered at all. There is no exemption because one isnt needed, GDPR simply does not cover data being processed for personal reasons.
Think of another example. We work together and in confidence you tell me about a medical condition. If you told me because we are friends, then I’m free to tell whoever I want (corporate policies aside). However if you told me because I am your manager, then when I received the information I was acting in an official capacity on behalf of the organisation. Now if I chose to share that information with Occupational Health for instance, that woild probably be lawful. However if I emailed your colleagues and told them anything other than “he will be off work because he is ill” then that woild be a breach that the company would be liable for.
Hope that helps?