{"id":149,"date":"2019-08-02T07:33:23","date_gmt":"2019-08-02T06:33:23","guid":{"rendered":"https:\/\/psd2meniet.nl\/?p=149"},"modified":"2021-08-16T12:18:01","modified_gmt":"2021-08-16T11:18:01","slug":"bijzondere-persoonsgegevens-en-de-psd2","status":"publish","type":"post","link":"https:\/\/dev.psd2meniet.nl\/en\/bijzondere-persoonsgegevens-en-de-psd2\/","title":{"rendered":"Special personal data in transactions"},"content":{"rendered":"<p>Payments to and from persons are personal data. Special personal data can be derived from payment details. Special categories of personal data require extra protection. The processing of such data is prohibited, unless there is a <a class=\"info-marker\" data-info=\"The prohibition on processing is laid down in Article 9(1) GDPR. The rest of the article lists exceptions under which special categories of personal data may nevertheless be processed, for example in paragraph 3: 'the data subject has given explicit consent to the processing of those personal data for one or more specified purposes'. \">statutory exception<span class=\"icon\"><\/span><\/a>. With the Don't-PSD2-me registry, we want to be able to filter account details of organisations whose transaction data should be considered as special categories of personal data.<\/p>\n\n\n\n<p>Personal data is any information about an identified or identifiable person. 
Special categories of personal data are personal data that indicate:<\/p>\n\n\n\n<ul><li>racial or ethnic origin,<\/li><li>political views,<\/li><li>religious or philosophical beliefs, or<\/li><li>trade union membership,<\/li><li>as well as genetic data,<\/li><li>biometric data for the unique identification of a person,<\/li><li>data concerning health, or<\/li><li>data relating to a person's sexual behavior or sexual orientation.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Don't-PSD2-me registry and special categories of personal data<\/h2>\n\n\n\n<p>The Don't-PSD2-me registry probably cannot filter all data. Therefore, at this stage, we will set up the Don't-PSD2-me registry in such a way that only account numbers that clearly show that they are personal data in themselves will be included. <\/p>\n\n\n\n<p>Special categories of personal data are often <a class=\"info-marker\" data-info=\"<\/p><p>Organisations are classified according to the Dutch Standard Industrial Classification (Standaard Bedrijfsindeling, SBI), which Statistics Netherlands (CBS) describes as \u201ca hierarchical classification of economic activities that CBS uses, among other things, to classify business units according to their main activity.\u201d The SBI has five levels and is in fact an international standard: \u201cThe first four digits of the SBI are, with a few exceptions, the same as the European NACE Rev 2.\u201d This means that a Dutch solution can also work in other European countries. 
<\/p><p>See this article with the SBI codes of the categories of organisations that process special categories of personal data.<\/p><ul><li>https:\/\/www.cbs.nl\/nl-nl\/onze-diensten\/methoden\/classificaties\/activiteiten\/sbi-2008-standaard-bedrijfsindeling-2008#id=de-toelichting-op-de-sbi-2008-versie-2018-0<\/li><li> https:\/\/psd2meniet.nl\/overzicht-sbi-codes-bijzondere-rekeninghouders\/\">linked one-to-one to organisations.<span class=\"icon\"><\/span><\/a> This has to do with the way in which organisations are registered. A selection at the Dutch Chamber of Commerce yielded 2400 organisations that match the SBI codes and process special categories of personal data of individuals.<\/li><\/ul>\n\n\n\n<p>What matters are the transactions between the organisation and the person. Sometimes this is simple: think of membership of a trade union. In other cases the transaction data give no direct information, but can give an indication through which profiling can take place. Think, for example, of the amount and frequency of payments at a pharmacy. Other data can (probably) not be seen as special personal data, or only after interpretation. 
The most obvious category is account numbers for contribution payments, membership payments and donations to:<\/p>\n\n\n\n<ul><li>political groups<\/li><li>trade unions<\/li><li>associations active in the field of sexual behaviour or sexual orientation<\/li><li>religious institutions.<\/li><\/ul>\n\n\n\n<div class=\"wp-block-ugb-accordion ugb-accordion ugb-507d2d8 ugb-accordion--v2 ugb-accordion--design-basic ugb-main-block\" aria-expanded=\"false\"><style>.ugb-507d2d8 .ugb-accordion__heading{border-radius:12px !important}.ugb-507d2d8 .ugb-accordion__title{color:#222222}.ugb-507d2d8 .ugb-accordion__arrow{fill:#222222}<\/style><div class=\"ugb-inner-block\"><div class=\"ugb-block-content\"><div class=\"ugb-accordion__item\"><div class=\"ugb-accordion__heading ugb--shadow-3\" role=\"button\" tabindex=\"0\"><h4 class=\"ugb-accordion__title\">Criminal data require further investigation<\/h4><svg viewbox=\"0 0 20 20\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"ugb-accordion__arrow\" width=\"20\" height=\"20\"><path d=\"M16.7 3.3L10 10 3.3 3.4 0 6.7l10 10v-.1l10-9.9z\"><\/path><\/svg><\/div><div class=\"ugb-accordion__content\" role=\"region\"><div class=\"ugb-accordion__content-inner\">\n<p>Criminal data are not special categories of personal data under the GDPR. However, there is a separate, strict regime under which they may only be processed by the said parties. As far as we are concerned, this extra protection also applies to payments to the judicial authorities, such as the account number of the Dutch CJIB, because these can be regarded as criminal data. Read more <a href=\"https:\/\/psd2meniet.nl\/wat-doen-we-met-strafrechtelijke-gegevens\/\">in this item<\/a>. <\/p>\n\n\n\n<p>There is no clearer criminal record than being in prison. Can you infer detention from someone's payments?  
An inmate has <a href=\"https:\/\/www.dji.nl\/locaties\/h\/pi-haaglanden\/informatie-voor-justitiabelen-en-hun-naasten\">their own account in a penitentiary institution<\/a>. Transfers can be made to the account number of the location, stating the registration number, last name and initial(s) of the detainee. Detention can be derived from this information. We have not included these account numbers because the information about the detention does not concern the sender, and the recipient is difficult to identify. <\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-ugb-accordion ugb-accordion ugb-60595d6 ugb-accordion--v2 ugb-accordion--design-basic ugb-main-block\" aria-expanded=\"false\"><style>.ugb-60595d6 .ugb-accordion__heading{border-radius:12px !important}.ugb-60595d6 .ugb-accordion__title{color:#222222}.ugb-60595d6 .ugb-accordion__arrow{fill:#222222}<\/style><div class=\"ugb-inner-block\"><div class=\"ugb-block-content\"><div class=\"ugb-accordion__item\"><div class=\"ugb-accordion__heading ugb--shadow-3\" role=\"button\" tabindex=\"0\"><h4 class=\"ugb-accordion__title\">Health data cannot be derived directly <\/h4><svg viewbox=\"0 0 20 20\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"ugb-accordion__arrow\" width=\"20\" height=\"20\"><path d=\"M16.7 3.3L10 10 3.3 3.4 0 6.7l10 10v-.1l10-9.9z\"><\/path><\/svg><\/div><div class=\"ugb-accordion__content\" role=\"region\"><div class=\"ugb-accordion__content-inner\">\n<p>Healthcare deserves special attention because payments are not always made directly from a person to a healthcare provider. However, you do have to deal with patient organisations, from which special personal data can be derived. There is a relationship with ROM data, see this <a rel=\"noreferrer noopener\" aria-label=\"external site (opens in a new tab)\" href=\"https:\/\/www.stopbenchmark.com\/\" target=\"_blank\">external site<\/a>.<\/p>\n\n\n\n<p>Personal contributions are processed for the CAK. 
This involves determining and collecting the personal contribution under the Long-Term Care Act (Wlz) and the Social Support Act (Wmo) for the municipalities and making payments to care providers under the Long-Term Care Act (Wlz). <a rel=\"noreferrer noopener\" href=\"https:\/\/www.hetcak.nl\/vragen\/betalen-en-de-factuur\/betalen\/rekeningnummer-van-het-cak\" target=\"_blank\">Each scheme has its own account number<\/a>. These numbers could be included because personal contributions can be derived from them.<\/p>\n\n\n\n<p>Another way is to find a complete register of healthcare-related institutions. A central place is the <a href=\"https:\/\/www.vektis.nl\/uzovi-register\">UZOVI register<\/a>. UZOVI stands for Unique Healthcare Insurer Identification. The UZOVI register contains the UZOVI numbers and other data of health care insurers and other bodies (including authorised insurance advisers, care offices, label organisations and branch offices). The register contains current and historical information. The UZOVI number is used to submit claims in the correct manner and to the correct insurer. 
On enquiry it appears that this register does not record account numbers.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-ugb-accordion ugb-accordion ugb-437dd8b ugb-accordion--v2 ugb-accordion--design-basic ugb-main-block\" aria-expanded=\"false\"><style>.ugb-437dd8b .ugb-accordion__heading{border-radius:12px !important}.ugb-437dd8b .ugb-accordion__title{color:#222222}.ugb-437dd8b .ugb-accordion__arrow{fill:#222222}<\/style><div class=\"ugb-inner-block\"><div class=\"ugb-block-content\"><div class=\"ugb-accordion__item\"><div class=\"ugb-accordion__heading ugb--shadow-3\" role=\"button\" tabindex=\"0\"><h4 class=\"ugb-accordion__title\">Sometimes ordinary personal data are special<\/h4><svg viewbox=\"0 0 20 20\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"ugb-accordion__arrow\" width=\"20\" height=\"20\"><path d=\"M16.7 3.3L10 10 3.3 3.4 0 6.7l10 10v-.1l10-9.9z\"><\/path><\/svg><\/div><div class=\"ugb-accordion__content\" role=\"region\"><div class=\"ugb-accordion__content-inner\">\n<p>Sometimes ordinary personal data are special. An example of this is the statement that <a rel=\"noreferrer noopener\" aria-label=\"being a sex worker is special personal data (opens in new tab)\" href=\"https:\/\/psd2meniet.nl\/?p=46\" target=\"_blank\">being a sex worker is a special category of personal data<\/a>. Or what about the statement of the Advertising Code Committee on <a rel=\"noreferrer noopener\" aria-label=\"likes of a cancer patient (opens in new tab)\" href=\"https:\/\/psd2meniet.nl\/?p=48\" target=\"_blank\">likes of a cancer patient<\/a> on Facebook: within the limits of the law, and yet violating privacy? These examples show how far-reaching the issue can be. <\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Payments to and from persons are personal data. Special personal data can be derived from payment details. Special personal data require extra protection. 
\u2026 <\/p>\n<div><a href=\"https:\/\/dev.psd2meniet.nl\/en\/bijzondere-persoonsgegevens-en-de-psd2\/\" class=\"more-link\">Read More<\/a><\/div>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","trp-custom-language-flag":"","post-thumbnail":"","entry":"","entry-cropped":"","entry-fullwidth":"","entry-cropped-fullwidth":""},"post_excerpt_stackable_v2":"<p>Payments to and from persons are personal data. Special personal data can be derived from payment details. Special personal data require extra protection. The processing of such data is prohibited, unless there is a statutory exception. With the Don't-PSD2-me registry, we want to be able to filter account details of organisations whose transaction data should be considered as special categories of personal data. Personal data is any information about an identified or identifiable person. 
Special categories of personal data are personal data that indicate: racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the unique identification of&hellip;<\/p>\n","category_list_v2":"<a href=\"https:\/\/dev.psd2meniet.nl\/en\/category\/achtergrond\/\" rel=\"category tag\">achtergrond<\/a>","author_info_v2":{"name":"Martijn van der Veen","url":"https:\/\/dev.psd2meniet.nl\/en\/author\/martijn\/"},"comments_num_v2":"4 comments","_links":{"self":[{"href":"https:\/\/dev.psd2meniet.nl\/en\/wp-json\/wp\/v2\/posts\/149"}],"collection":[{"href":"https:\/\/dev.psd2meniet.nl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.psd2meniet.nl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.psd2meniet.nl\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.psd2meniet.nl\/en\/wp-json\/wp\/v2\/comments?post=149"}],"version-history":[{"count":9,"href":"https:\/\/dev.psd2meniet.nl\/en\/wp-json\/wp\/v2\/posts\/149\/revisions"}],"predecessor-version":[{"id":769,"href":"https:\/\/dev.psd2meniet.nl\/en\/wp-json\/wp\/v2\/posts\/149\/revisions\/769"}],"wp:attachment":[{"href":"https:\/\/dev.psd2meniet.nl\/en\/wp-json\/wp\/v2\/media?parent=149"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.psd2meniet.nl\/en\/wp-json\/wp\/v2\/categories?post=149"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.psd2meniet.nl\/en\/wp-json\/wp\/v2\/tags?post=149"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}