New Field Request Discussion: Source of PI - When PI is Obtained from A source other than individual

[smartopian]

When not obtained from the individual in the GDPR there is an extra field required.
Article 14.2(f) which refers to a notice about the Source and specifically which publicly accessible sources (if any used)

After taking a look its clear that this is a great provision in the GDPR, although have not done the research to find out if this is in other jurisdictions statutory or legitimate interest regulations.

In this regard: if anyone is a specialist in a particular sensitive data area of privacy in a non EU county it would be great to know if the Data Subject gets a notice (or has the right to be provided when asked for) the source of data and the links to the publicly accessible sources of the data.

My Thinking:
If this is a unique legal requirement to the EU then this is required for an EU profile - we could (in order to be progressive) decide to include it in the core spec as a Should (for a specific context GDPR) and May be used for all notice where PI is collected from another source. This can then be defined in the specification of a point of interoperability where the spec for this field adapts to both the EU and International standards.