Topicm3137bf27dcdb57d4_1528449000663_0Topic

Personal data protectionpersonal data protectionPersonal data protection

Levelm3137bf27dcdb57d4_1528449084556_0Level

Second

Core curriculumm3137bf27dcdb57d4_1528449076687_0Core curriculum

Grades VII‑VIII

V. Compliance with the law and health and safety rules. The student:

1) describes ethical issues related to the use of computers and computer networks, such as: security, digital identity, privacy, intellectual property, equal access to information and information sharing;

2) behaves ethically when working with information;

3) distinguishes between the types of software licenses and resources on the network.

Timingm3137bf27dcdb57d4_1528449068082_0Timing

45 minutes

General objectivem3137bf27dcdb57d4_1528449523725_0General objective

Understanding the legal rules which apply to personal data protectionpersonal data protectionpersonal data protection.

Specific objectivesm3137bf27dcdb57d4_1528449552113_0Specific objectives

1. Identifying situations in which access to data and its correction is possible.

2. Identifying situations when and on what terms everyone may demand limiting data processing and data transfer.

3. Identifying situations when and on what terms everyone can object to data processing and demand to be forgotten.

Learning outcomesm3137bf27dcdb57d4_1528450430307_0Learning outcomes

The student:

- identifies situations in which everyone may request access to personal data, correct, transfer and limit processing them,

- identifies situations when and on what terms everyone can object to the processing of data and demand to be forgotten.

Methodsm3137bf27dcdb57d4_1528449534267_0Methods

1. Flipped classroom.

2. Discussion and brainstorming.

Forms of workm3137bf27dcdb57d4_1528449514617_0Forms of work

1. Individual work.

2. Class work.

LESSON STAGESm3137bf27dcdb57d4_1528450135461_0LESSON STAGES

Introductionm3137bf27dcdb57d4_1528450127855_0Introduction

Student answer the following questions:

1. Is it allowed to publish your personal data?2. What does „personal data protection” mean?3. Are there regulations about personal data protection?4. Look for the information about General Data Protection Regulation on the Internet.m3137bf27dcdb57d4_1527752263647_01. Is it allowed to publish your personal data?2. What does „personal data protection” mean?3. Are there regulations about personal data protection?4. Look for the information about General Data Protection Regulation on the Internet.

Procedurem3137bf27dcdb57d4_1528446435040_0Procedure

Task 1

Students look for websites on the Internet where they can find information about personal data protectionpersonal data protectionpersonal data protection. Then, a class discussion should be conducted about this topic.

Task 2

Look at the slideshow about your basic rights according to General Data Protection Regulation

[Slideshow]

Task 3

Students read carefully the text below and make notes about this topic in the form of a mind map.

More and more attention and emphasis is being given to te protection of personal data, but also public awareness of this issue is growing. Higher requirements are imposed on institutions based on more precise and restrictive legal regulations.

According to applicable law, personal information is considered to be all information about an identified or identifiable natural person, where the person identifiable is a person whose identity can be determined on the basis of an identification number or due to unique factors defining its physical, physiological, mental, economic, cultural or social features. There is no exact list of which data are considered to be personal data, and which are not, because a single piece of information (and sometimes some information) will be too general or encoded to be used to identify a person. An individual assessment should be made for a specific situation and information to make the decision if the specifying information is personal data or not.

All operations on the personal data, including their possession, is recognized as processing of personal data. The regulations indicate that collection, storage, development, modification, sharing or deletion is processing of personal data. It is worth to remember that each institution that wants to process our personal data must have a specific and legitimate purpose for processing them. Collecting our data „just in case” is forbidden, and when there is no need to process them, our data should be removed.

If any institution processes our personal data, please remember that we have the following rights:

- The right to information (which means: the fulfillment of the information obligation according to which we have the right to obtain information about what the entity that processes our data with complete identification information about the entity is and contact persons responsible for processing, for what purpose and on what legal basis our data are processed, what the scope of the data is and how long the processing period is),
- The right of access the data (obtaining information whether our data is processed, gaining access to or obtaining a copy of it but only when if it does not result in the disclosure of confidential data or third‑party data or an infringement of intellectual property rights);
- The right to correct data (in case of inaccuracies);
- The right to limit data processing (if the processing is illegal, in particular, if there are no grounds for processing);
- The right to limit the processing of data (if the processing is illegal, in particular, there are no grounds for processing the data).
- The right to object to processing of the data (unless the entity demonstrates the existence of valid, legally justified, grounds for processing).
- The right to be forgotten (the right to delete data, if there is available technology and the cost of its implementation allows it, and we do not deal with the right to freedom of expression and information, the fulfillment of a legal obligation that requires data processing, whether the task is carried out in the public interest, interest of public health, archive purposes in the public interest, research, historical or statistical purposes, determination, investigation or a defense of claims).
- The right to transfer data (sending them to another administrator).

Personal data must be protected, i.e. protected against loss, disclosure or unauthorized access. The requirements for the protection of personal data are particularly restrictive if the processing is carried out in IT systems. The regulationsregulationsregulations do not indicate specific types of protection, but they must be effective enough to minimize the risk of security breachrisk of security breachrisk of security breach.

Lesson summarym3137bf27dcdb57d4_1528450119332_0Lesson summary

Remember that according to General Data Protection Regulation you have the right to:- information;- access to data;- correct data;- limit data processing;- object to the processing of data;- be forgotten;- transfer data.m3137bf27dcdb57d4_1527752256679_0Remember that according to General Data Protection Regulation you have the right to:- information;- access to data;- correct data;- limit data processing;- object to the processing of data;- be forgotten;- transfer data.

Selected words and expressions used in the lesson plan

confidential dataconfidential dataconfidential data

General Data Protection Regulation GDPRGeneral Data Protection Regulation GDPRGeneral Data Protection Regulation GDPR

infringement of intellectual property rightsinfringement of intellectual property rightsinfringement of intellectual property rights

intellectual propertyintellectual propertyintellectual property

personal data processingpersonal data processingpersonal data processing

personal data protectionpersonal data protectionpersonal data protection

regulationsregulationsregulations

risk of security breachrisk of security breachrisk of security breach

scope of the datascope of the datascope of the data

third‑party datathird‑party datathird‑party data