Your medical records are confidential: Special protections for sensitive data
Protecting sensitive data in practice: Privacy during a doctor’s visit
A doctor’s appointment is coming up: You’ve got to have a medical check-up. A routine visit, which updates your medical records. The medical information from this latest visit is now added to data from multiple previous heck-ups. These patient records are only processed by qualified people bound to professional secrecy.
Obviously, your data can continue to be processed in the medical fields. However, confidentiality must be strictly observed, since the General Data Protection Regulation places extra sensitive data under extra protection.
Special protections for sensitive data: Unique arrangements for medical records
Even though personal data is always sensitive, the General Data Protection Regulation classifies certain information as especially sensitive: This includes data revealing your political views, ethnic background or union membership as well as genetic data, medical data and details about your sexual orientation. You have to express explicit consent in order for this to be processed. The processing of such data is also permitted if you made it public yourself or if certain legal requirements are in place, for example in the fields of labour law, medical research or public health.
Parental control: Children’s consent for data processing
Regardless of any type of data, the General Data Protection Regulation places children under special protection: When a child is below the age of 16 years, he or she cannot consent to the processing of his or her data without the approval of a parent. However, it’s still unclear how it can be technically achieved to prove that parents actually express their consent to their child using a learning app, for instance. One possibility is a two-way identification system using a parent’s phone.
Shared responsibility for the implementation: Data controllers must take precautions, you must give your consent
Highly sensitive data requires a high level of protection. That’s why the General Data Protection Regulation sets strict legal boundaries for processing such data. Therefore, it’s important that you are aware of what personal data you share with whom and who request your data. Highlighting special categories of highly sensitive data is intended to encourage data-processing companies to be particularly careful with them: If sensitive data is processed in violation of data protection regulations, data controllers face particularly high fines (read more about the potential sanctions in the separate post).