Full Title or Meme
The problem of giving notice to Subjects about issues in a digital ecosystem that impact the subject.
If the User Information processed by a Data Controller do not permit the controller to identify a natural person sufficiently well to provide the user with Notice of problems, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the Data Controller.
In most cases where users want to get corrections applied to data held by a Data Controller, they are not the customer, they are the product. For example, the three credit bureaus make nearly all of their revenue from merchants that want to know if a user is trustworthy. The merchants and banks are the source of the data and its consumers as well; the user is just a inconvenience to them.
- Before Subjects can be given notice, some mechanisms must be put into place to allow the subject to seek Redress or corrections to the data in the User Objects held by the Data Controller.
- See the wiki page on User Consent which is a structure that tells the user what data is held. This should align well with Notice structures.