Does locating pets qualify as processing of personal data?
Vilponen, Pauliina (2018-09-05)
Does locating pets qualify as processing of personal data?
Vilponen, Pauliina
(05.09.2018)
Turun yliopisto
avoin
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2018090534625
https://urn.fi/URN:NBN:fi-fe2018090534625
Tiivistelmä
One noteworthy and unconventional form of data processing is accessing location
information on an electronic collar worn by a pet. Technically, this kind of data
collection is conducted within a mobile application operated on a mobile device. The
collected location data closely connects to the location of the pet owner or another
individual residing close to the pet. Therefore, the app developer operating the mobile
application must comply with all relevant data protection legislation.
The first part of this thesis explains, why a pet’s location qualifies as personal data, how
this information is technically accessed, and which legal instruments regulate the use of
this data. In addition, the first part addresses how the basic data protection principles
and the obligation to acquire an individual’s consent create limitations regarding the use
of the collected data. Furthermore, it is argued in the second part of this thesis that the
real value of personal data to an enterprise is connected to the possibilities of third party
data disclosure. In addition, it is argued that the European data protection rights,
specifically the right to be forgotten and the right to data portability, significantly limit
the app developer’s potential to economically benefit from the collected location data.
In this regard, the second part also includes forming a model to transfer location data in
a private corporate acquisition process. The main research method used in this thesis is
problem-oriented legal dogmatics and the main legal context is the European data
protection framework.
The findings of this research are divided into two distinct arguments. Firstly, it is
concluded that while rendering the collection of pets’ location data lawful, the app
developer should not over-value an end user’s consent by considering it the sole
sufficient basis to protect the fundamental rights and freedoms of the individual.
Secondly, in the modern personal data economy, the app developer should treat personal
information as a hybrid legal concept which effectively adapts itself to changing data
protection situations. By including the end users to the data collection operations, the
app developer also
information on an electronic collar worn by a pet. Technically, this kind of data
collection is conducted within a mobile application operated on a mobile device. The
collected location data closely connects to the location of the pet owner or another
individual residing close to the pet. Therefore, the app developer operating the mobile
application must comply with all relevant data protection legislation.
The first part of this thesis explains, why a pet’s location qualifies as personal data, how
this information is technically accessed, and which legal instruments regulate the use of
this data. In addition, the first part addresses how the basic data protection principles
and the obligation to acquire an individual’s consent create limitations regarding the use
of the collected data. Furthermore, it is argued in the second part of this thesis that the
real value of personal data to an enterprise is connected to the possibilities of third party
data disclosure. In addition, it is argued that the European data protection rights,
specifically the right to be forgotten and the right to data portability, significantly limit
the app developer’s potential to economically benefit from the collected location data.
In this regard, the second part also includes forming a model to transfer location data in
a private corporate acquisition process. The main research method used in this thesis is
problem-oriented legal dogmatics and the main legal context is the European data
protection framework.
The findings of this research are divided into two distinct arguments. Firstly, it is
concluded that while rendering the collection of pets’ location data lawful, the app
developer should not over-value an end user’s consent by considering it the sole
sufficient basis to protect the fundamental rights and freedoms of the individual.
Secondly, in the modern personal data economy, the app developer should treat personal
information as a hybrid legal concept which effectively adapts itself to changing data
protection situations. By including the end users to the data collection operations, the
app developer also