mojaloop / fraud_risk_management

Central repo for fraud and risk management development and specifications
Other
14 stars 7 forks source link

[USER STORY] Privacy Rights Management - The right to object to processing #37

Open JustusOrtlepp opened 4 years ago

JustusOrtlepp commented 4 years ago

Story Title

As a DFSP Customer, I want to be able to file an objection against the processing of my information if such processing is unlawful, so that my privacy rights are protected according to applicable legislation

Acceptance criteria

  1. Given (context) and (more context) when (event) then (outcome) and (another outcome)...
JustusOrtlepp commented 4 years ago

The burden of proof of unlawful processing should generally be on the DFSP customer, if they believe processing of their data for fraud risk management purposes is in any way unlawful. The user story is mostly concerned with the logging of the objection, after which it will likely be a legal matter. The outcome of such a challenge may result in system changes (unlawful processing for one individual will most likely be unlwaful for many individuals), or may result in the rejection of the objection.