How to process specific personal data in EU law and examine it in the Iranian legal system

Document Type : Original Article


1 Associate Professor, Department of Private Law, Faculty of Law and Political Science, Ferdowsi University of Mashhad, Mashhad, Iran

2 Ferdowsi University of Mashhad


In order to provide comprehensive protection of personal data and data subjects, the General Data Protection Regulation (GDPR) has addressed various aspects. One of these protections is to pay attention to personal data that, due to their sensitive nature, need more protection (specific personal data). This regulation sets out various requirements for the processing of specific personal data. These requirements include the principle of prohibition of sensitive personal data processing unless there is a legal exception. Another requirement is the need for official authority oversight and legal authorization to process personal data relating to criminal convictions and offences. Determining a certain age for consent to processing is also a requirement for protecting children's personal data. In this study, by explaining in detail these requirements and clarifying how specific personal data is processed in EU law, the protection of specific personal data in Iranian law has also been examined. The conclusion is that although Iranian law on personal data does not have an independent law to rely on to protect specific personal data; However, according to the laws and regulations, legal doctrine, principles of Iranian law, there are many requirements for the processing of specific personal data set out in the GDPR, also in Iranian law.


Main Subjects