According to GDPR, data can be shared if they are not personal data.
Personal data can be collected by an application if the collection is justified by a use case.
However, medical data (which are personal data) should never be shared unless the user gives explicit consent.
CNIL is a French institution that must regulate companies w.r.t. GDPR and needs to quickly identify companies that do not align with these standards.
In this context, a company, MediSportHelper, offers its users a coaching service that helps them practice a sport, or improve in their sport, by proposing a customized training program based on their medical data. When subscribing to the website, a user gives explicit agreement to the collection of their medical data, but not to the sharing of those data.
Competency Questions
| ID | Question in natural language |
|----|------------------------------|
| q1 | How to check whether a rule has been respected w.r.t. its associated exceptions? |
Glossary
Exception: A proposition that excludes some contexts of application of a rule or of exceptions.
Recommendations
...
TBox
:hasException rdf:type owl:ObjectProperty ;
    rdfs:comment "Associates exceptions to a context of application of a norm"@en ;
    rdfs:label "has exception"@en .
ABox
:gdprNorm a hmas:Norm .
:gdprNorm hmas:hasException _:e1 .
# Permission: data that has been shared to an entity and is :ShareableData
:gdprNorm hmas:permits
    [ a rdf:Bag ;
      rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate :hasBeenSharedTo ; sp:object _:entity ] ) ] ;
      rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate rdf:type ; sp:object :ShareableData ] ) ]
    ] .
# Assumption that :ShareableData and :MedicalData are distinct classes
# e1: the data is personal data belonging to an agent
_:e1 a rdf:Bag ;
    rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate rdf:type ; sp:object :PersonalData ] ) ] ;
    rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate :belongsTo ; sp:object _:agt ] ) ] .
_:e1 :hasException _:e2 .
# e2: the data is justified by a use case
_:e2 a rdf:Bag ;
    rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate :isJustifiedBy ; sp:object _:justificationX ] ) ] .
_:e2 :hasException _:e3 .
# e3: the data is medical data
_:e3 a rdf:Bag ;
    rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:dataE1 ; sp:predicate rdf:type ; sp:object :MedicalData ] ) ] .
_:e3 :hasException _:e4 .
# e4: the agent gives explicit consent for the data
_:e4 a rdf:Bag ;
    rdf:li [ a sp:Ask ; sp:where ([ sp:subject _:agt ; sp:predicate :givesExplicitConsent ; sp:object _:dataE1 ] ) ] .
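One way to answer q1 over the exception chain above, as an added example that is not part of the original page or of the ontology's own tooling. It assumes that a level (the norm or an exception) applies when all of its patterns match and its own exception does not apply; the function names, the fact identifiers (`stats`, `hr1`, `alice`, `partner`, `coaching`) and the typing of `hr1` as shareable data are constructed for illustration.

```python
# Added illustration: constructed stand-in for the ABox above. One list of triple
# patterns per level, ordered norm, e1, e2, e3, e4; "?x" terms are variables and
# "type" stands for rdf:type.
LEVELS = [
    [("?data", "hasBeenSharedTo", "?entity"), ("?data", "type", "ShareableData")],
    [("?data", "type", "PersonalData"), ("?data", "belongsTo", "?agt")],
    [("?data", "isJustifiedBy", "?just")],
    [("?data", "type", "MedicalData")],
    [("?agt", "givesExplicitConsent", "?data")],
]

def unify(term, value, binding):
    """Bind a variable or compare a constant; True when the term fits the value."""
    if term.startswith("?"):
        return binding.setdefault(term, value) == value
    return term == value

def match(patterns, facts, binding):
    """Yield each extension of `binding` satisfying every pattern (a conjunctive ASK)."""
    if not patterns:
        yield binding
        return
    for fact in facts:
        trial = dict(binding)
        if all(unify(t, v, trial) for t, v in zip(patterns[0], fact)):
            yield from match(patterns[1:], facts, trial)

def applies(level, facts, binding):
    """Assumed semantics: a level holds if it matches and its exception does not."""
    last = level + 1 == len(LEVELS)
    return any(last or not applies(level + 1, facts, b)
               for b in match(LEVELS[level], facts, binding))

def sharing_permitted(facts, data):
    """True when the norm permits the recorded sharing of `data`."""
    return applies(0, facts, {"?data": data})

# Constructed facts for the MediSportHelper scenario (all identifiers hypothetical).
FACTS = {
    ("stats", "type", "ShareableData"), ("stats", "hasBeenSharedTo", "partner"),
    ("hr1", "type", "ShareableData"), ("hr1", "type", "PersonalData"),
    ("hr1", "type", "MedicalData"), ("hr1", "belongsTo", "alice"),
    ("hr1", "isJustifiedBy", "coaching"), ("hr1", "hasBeenSharedTo", "partner"),
}
CONSENT = ("alice", "givesExplicitConsent", "hr1")

if __name__ == "__main__":
    print("stats:", sharing_permitted(FACTS, "stats"))
    print("hr1, no consent:", sharing_permitted(FACTS, "hr1"))
    print("hr1, consent:", sharing_permitted(FACTS | {CONSENT}, "hr1"))
```

A shared item for which `sharing_permitted` returns `False` is the kind of case a regulator such as CNIL would want surfaced: in the constructed facts, the medical record was shared without the consent fact being present.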