Right to be informed definition
The right to be informed, under the General Data Protection Regulation (GDPR), means that people have the right to get clear, transparent, and easy-to-understand details about how organizations use and process their personal data.
Where and how the right to be informed applies
- Scope of GDPR. This right applies within the European Union (EU) and the European Economic Area (EEA). Any organization dealing with data of EU or EEA citizens must adhere, no matter where it’s based.
- Information scope. Organizations must explain why they’re processing the data, how long they’ll keep it, and who they might share it with.
- Timing. Individuals should receive the information at the time of data collection. In some cases, an organization gets the data from a source other than the individual. Then, it should share the details reasonably soon, at the time of first communication, and before sharing it with another party.
- Format. The information should be concise, transparent, clear, easy to access, and written in plain language.
Notable cases related to the right to be informed
- British Airways (2019). The UK’s Information Commissioner’s Office fined BA £183 million after a data breach affecting around 500,000 customers. The case revolved around BA’s failure to have adequate security measures, including the duty to inform affected people.
- Google (2019). Google had to pay a fine of €50 million in France for failing to clearly explain its data practices, breaking the right to be informed and other GDPR rules.