The aims of this assignment are:
Your task consists of the two parts described below. For each part of the assignment a separate Homework Vaults will be opened (HW01_analysis, HW01_request, HW01_response). The submissions for all the tasks should be submitted by 14 April 2025 in the respective Homework Vaults in accordance with the instructions below. Both tasks shall be evaluated no later than 28 April 2025.
Contact 2 e-shops of your choice and ask them what data they specifically process about you. The request has no formal requirements, it is based on Article 15 of the GDPR. In case of enquiries with a foreign entity, you can find inspiration here: https://www.mydatadoneright.eu/ (however, please only as an inspiration = use of this tool to generate your request is strictly forbidden). Insert the request and the relevant parts of response of the given administrator (e-shop) separately into the respective Homework Vault in PDF format - HW01_request, HW01_response (please insert both requests/responses for e-shops in one .pdf file divided in two parts using some clear visual separator). If you will not receive a response from an administrator within a reasonable time (10 days), try asking again. If you don’t receive any answer even then, just submit the information about which e-shop hasn’t responded to you to the Homework Vault within the time limit.
When selecting e-shops, please consider their capacity, i.e., try to minimize the burden (select them randomly,
if possible differently than your 300+ colleagues, also select foreign entities, large entities, etc.). You also have
the option of replacing parts of the requests and responses (XXXXXXrequest.pdf, XXXXXXresponse.pdf) that you do not want
to share (e.g., the name of the e-shop you use, personal information about you, etc.) with strings (AAAAA, …, XXXXX,
YYYYY, ZZZZZ - as pseudonyms, but always using the same string of characters to indicate the same hidden string).
Alternatively, if you do not want to share the e-shop response, insert a clear justification why (that is relevant in
terms of the knowledge you have gained about the legal framework for data protection). If the e-shop you have chosen
provides with option “get a copy of your personal data stored in \
You can get 1 point for this first part - only the wording of the request will be assessed. The response you get from the e-shop (or the relevant reason why you don’t want to share your answer) is not assessed as it is up to the e-shop.
Choose one of the two examples below and answer the questions. Enter your answers in a separate Homework Vault HW01_analysis in PDF format in the appropriate language. You can get 2 points for this second part - a correct answer including explanation is assessed.
Jste správcem online platformy FETA a přišel Vám následující požadavek:
“Dobrý den, zjistil jsem, že na Vaší platformě mám uživatelský účet. Žádám Vás o informaci, jaké osobní údaje a proč o mě zpracováváte. Nevím o tom, že bych k tomu dal kdy souhlas. Dále Vás žádám o sdělení, odkud mé osobní údaje máte a které osoby jsou s mým profilem na Vaší platformě propojeny, nevím o nikom, kdo by Vaši platformu používal. Prosím tedy o zaslání všech údajů o mě i o těchto osobách, abych si je mohl ověřit. Chtěl bych také vědět, jak funguje zobrazování reklam na Vaší platformě, protože mi přijde, že máte můj profil úplně špatně. Zajímalo by mě, kolik z těch reklam máte, pošlete mi soupis všech firem, kterým mé údaje předáváte. Pokud mi už máte posílat reklamní letáky, posílejte mi něco relevantního - nejsem matka od dětí, je mi 30 a jsem svobodný muž - opravte si to prosím! Pokud s něčím výše uvedeným máte problém, nechci u Vás žádný účet mít a okamžitě smažte všechny údaje, co o mě máte! S pozdravem user1984”
Vyhodnoťte situaci s přihlédnutím k právům subjektu údajů tak, jak je upravuje https://eur-lex.europa.eu/legal-content/CS/TXT/?uri=CELEX:32016R0679 - nařízení GDPR v Kapitole III, rozhodněte o dalším postupu (otázky 1-3) a své rozhodnutí zdůvodněte za využití dané právní úpravy.
You are the administrator of the e-commerce platform buyall.com and you have received the following request:
“Hello, I have a user account on your platform. I am asking you to tell me what personal data you process about me and for what reason. I am not aware that I have given my consent to any processing of personal data and I do not agree with it. I ask you to tell me where you obtained my personal data and which other persons you link to my profile on your platform and for what reason? I thus ask you to send me all the data about my person (or my profile), but also the profile of these other persons, so that I can verify the linking and everything else. I would also like to know how you display advertisements on your portal and how it works, as it seems to me that you have completely wrong information about my person - I am not really interested in gardening supplies and tomato seedlings. I would be interested to know how much of such completely inappropriately targeted advertising you have, and also to which other companies you pass on my data. And if you have to send me advertising messages, please correct my profile. If you disagree with any of the above, please delete my CrazyUser111 account immediately, as well as all data relating to my person. Best regards, Karel Vomáčka.”
Evaluate the situation, considering the rights of the data subject as regulated by GDPR https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679 in Chapter III. Answer the questions below and explain your answer based on relevant legal regulation.
The name of the documents you submitted with the e-shop request and its response shall be XXXXXXrequest.pdf / XXXXXXresponse.pdf (upload this to the appropriate HW01_request / HW01_response Homework Vault), the name of the document with the answers to the question (assignment part 2) shall be XXXXXXanalysis.pdf (upload this again to the appropriate HW01_analysis Homework Vault). XXXXXX is your University ID number (UČO).