Beyond Consent: Understanding the Lawful Bases for Data Processing
Oumeyma Hadjazi ????
Trainee Lawyer | Data Protection 18-07 & GDPR | Masters in Business Law
When we think of personal data protection, the first thing that comes to mind is consent. We are reminded of that little box that we tick in many websites while we’re roaming the internet. However, consent is only one way to legally collect and process personal data.
According to Article 7 of Law No. 18-07, the Algerian legislature defined seven lawful bases that allow for the processing of personal data. This article provides a quick overview of each of these lawful bases, but first..
What is a lawful basis?
A lawful basis for processing personal data is a legitimate justification for collecting and processing data. The law makes it illegal to handle personal data unless one of these bases applies, and it is your responsibility to demonstrate which lawful basis applies to your processing purpose and to justify why processing the data is necessary.
Why is having a lawful basis important?
Without a lawful basis, your data processing would be illegal, which could lead to serious consequences under the Algerian law, such as lawsuits, penalties and even a prison sentence.
So let’s try to avoid all that and learn more about the seven lawful bases mentioned in Article 7:
1. Legal Obligation:
???Which means that the processing is necessary to comply with the law. For example, employers must handle employee data in order to complete necessary paperwork for insurance and tax purposes, therefore they must process and store employees personal data such as their full name, insurance details, bank account numbers, salary...etc
2. Saving a Life:
???This basis allows for data processing that is necessary to protect someone’s life. Unlike the GDPR, the Algerian law explicitly separates this from basis number 4, which is Vital Interests. An example of this would be an employee getting a critical injury resulting in the employer sharing their medical information with the paramedics.
领英推荐
3. Contract:
???This basis is applicable when you have a contract with an individual, and in order to fulfill your contractual obligations it’s essential to process their personal data, such as processing payment details in order to complete a client's purchase from your e-commerce website.
4. Vital Interests:
???Similar to the second basis, here the processing is necessary to protect the vital interests of the individual in question. This typically applies in critical situations, mandating immediate and essential actions. In case of natural disasters such as earthquakes, an individual's location data would be disclosed to be able to save them.
5. Public Task:
???This basis applies to tasks carried out in the public interest or the exercise of official authority. It's more relevant to public authorities when performing their legal duties. For example, public authorities could collect and process residents' health related data to monitor for any disease outbreaks.
6. Legitimate Interest:
???This is the most flexible basis, allowing for data processing that benefits you or others, has limited privacy impact, and aligns with the individual's reasonable expectations. However, it requires thorough justification on your part. The use cases for this are endless, for example you could record conversations with clients for training and research purposes.
7. Consent:
???When no other lawful basis applies, obtaining consent becomes imperative. Consent must be freely given, specific, informed, and unambiguous. Individuals should be fully informed and have real control over the process, meaning they could withdraw their consent at any moment, which is a real operational challenge for any business. An example of this is when you sign up for a newsletter, you will most likely check a box to consent to being added to a mailing list.
-
Ultimately, navigating the realm of data processing requires more than just a simple "I agree" checkbox, which is why understanding other various lawful bases for data processing is crucial for choosing a basis that best fits your processing? purposes.?
Stay tuned for detailed articles on each lawful basis, where you will get deeper insights into compliance with both the GDPR and the Algerian Law No. 18-07. If you’re interested in these topics, consider following my page to stay updated with each new post. Until then, see you soon!