An Overview of Belgian Legislation Applicable to Biobank Research and Its Interplay with Data Protection Rules

Author(s):  
Teodora Lalova ◽  
Anastassia Negrouk ◽  
Laurent Dollé ◽  
Sofie Bekaert ◽  
Annelies Debucquoy ◽  
...  

Abstract: This contribution aims to present in a clear and concise manner the intricate legal framework for biobank research in Belgium. In Part 1, we describe the Belgian biobank infrastructure, with a focus on the concept of a biobank. In Part 2, we provide an overview of the applicable legal framework, namely the Act of 19 December 2008 on Human Body Material (HBM) and its amendments. Attention is given to an essential piece of self-regulation, namely the Compendium on biobanks issued by the Federal Agency on Medicine Products and Health (FAMPH). Furthermore, we delineate the interplay with the relevant data protection rules. Part 3 is dedicated to the main research oversight bodies in the field of biobanking. In Part 4, we provide several examples of the ‘law in context’. In particular, we discuss issues pertaining to presumed consent, processing of personal data associated with HBM, and information provided to the donor of HBM. Finally, Parts 5 and 6 address the impact of the EU General Data Protection Regulation (GDPR), suggest lines for further research, and outline the future possibilities for biobanking in Belgium.

Author(s):  
Alexander Gurkov

Abstract: This chapter considers the legal framework of data protection in Russia. The adoption of the Yarovaya laws, the data localization requirement, and the enactment of sovereign Runet regulations allowing for isolation of the internet in Russia paint a grim picture of state control over data flows in Russia. Upon closer examination, it can be seen that the development of data protection in Russia follows many of the steps taken at the EU level, although some EU measures violated fundamental rights and were invalidated. Specific rules in this sphere in Russia are similar to the European General Data Protection Regulation. This chapter shows the special role of Roskomnadzor in forming data protection regulations by construing vaguely defined rules of legislation.


2012 ◽  
Vol 13 (2) ◽  
Author(s):  
Peter Traung

Abstract: Among other things, the proposed General Data Protection Regulation aims at substantially reducing fragmentation, administrative burden and cost, and at providing clear rules that simplify the legal environment. This article argues that considerable work is needed to achieve those goals and that the proposal fails to provide either substantial legal certainty or simplification, and that it adds administrative burden while leaving ample risk of fragmentation. In particular, the proposal misses the opportunity of strengthening data protection while achieving substantial simplification through abolishing the controller/processor distinction and allowing transfers with no reduction of the controller’s liability. Large parts of the proposal depend entirely on clarification through delegated acts issued by the Commission. Prospects for those being adopted look dire. Failing either delegated acts or substantial redrafting, those parts may become dead letter or worse. There is a highly problematic obligation to “demonstrate compliance” with the law. The proportionate alternative to a number of other obligations on controllers, such as to maintain various documentation, appoint data protection officers etc., is to include such obligations as possible behavioural sanctions in case of a proven breach of the law. The proposal also appears to raise issues regarding freedom of movement. The impact assessment largely fails to demonstrate a need and net benefit from the proposed additional obligations. It also appears to severely underestimate the costs of the proposals, partly due to what appear to be arithmetic errors. The proposal does, interestingly and rudimentarily, put a value on personal data, but the approach could be extended.


2019 ◽  
pp. 565-594
Author(s):  
Andrew Murray

This chapter examines data protection, digitization of data, its implications for personal privacy, and the regulation of data industries. It begins by discussing the current law found in the General Data Protection Regulation and the Data Protection Act 2018. It examines the key concepts of data controllers, data processors, and data subjects, and discusses the conditions for the processing of personal data. This includes an examination of key cases such as Nowak v Data Protection Commissioner and Bodil Lindqvist. It looks at the geographical scope of the GDPR and the extraterritorial effect of the Regulation, and examines the domestic purposes exemption after Ryneš.


Information ◽  
2020 ◽  
Vol 11 (12) ◽  
pp. 586
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose; primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and secondly, to identify security measures and security policy rules, for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.


Author(s):  
Bernardo D. OLIVARES OLIVARES

Abstract: The General Data Protection Regulation of the European Union requires that personal data be processed lawfully, fairly and in a transparent manner. This last principle is of special relevance during the collection, use and transfer of citizens’ data in the public sphere. This paper critically addresses the analysis of one of its projections: the duty to inform. To do so, we examine its legal framework, paying particular attention to the various problems arising from the Regulation’s exemptions, which allow the data controller to be released from this obligation. We have identified several problems whose solution would require the development of new rules and the implementation of appropriate measures to protect the legitimate interests of the data subject. A minimum degree of transparency about processing must be provided so that citizens can control the use of their data after exchanges of information with other EU administrations.


2019 ◽  
Vol 5 (2) ◽  
pp. 34-42
Author(s):  
Maria De Almeida Alves

This paper will address the interplay between the Directive on certain aspects concerning contracts for the supply of digital content and digital services and the current EU data protection framework, namely the General Data Protection Regulation. Although the Directive has the aim of protecting consumers, has it gone too far and made a crack in the EU data protection legal framework? Can personal data be treated as a commodity, or is its scope as a counter-performance subject to a particular interpretation? I shall analyze these questions in light of the European Data Protection Supervisor’s Opinion 4/2017 and the European Data Protection Board’s Guidelines 2/2019.


Author(s):  
Mahsa Shabani ◽  
Gauthier Chassang ◽  
Luca Marelli

Abstract: Governance of health and genomic data access in the context of biobanking is of salient importance in implementing the EU General Data Protection Regulation (GDPR). Various components of data access governance can be considered ‘organizational measures’, which Article 89(1) GDPR stresses together with technical measures that should be used in order to safeguard the rights of data subjects when processing data under the research exemption rules. In this chapter, we address the core elements regarding the governance of biobanks in view of the GDPR, including conditions for processing personal data, data access models, oversight bodies and data access agreements. We conclude by highlighting the importance of guidelines and policy documents in helping biobanks improve their data access governance. In addition, we stress that it is important to ensure that existing and emerging oversight bodies are equipped with adequate expertise regarding the use and sharing of health and genomic data and are aware of the associated informational risks.


2021 ◽  
Vol 11 (2) ◽  
pp. 3-24
Author(s):  
Jozef Andraško ◽  
Matúš Mesarčík

Abstract: The article focuses on the intersections of the regulation of electronic identification as provided in the eIDAS Regulation and data protection rules in the European Union. The first part of the article is devoted to the explanation of the basic notions and framework related to electronic identity in the European Union, the eIDAS Regulation. The second part of the article discusses specific intersections of the eIDAS Regulation with the General Data Protection Regulation (GDPR), specifically scope, the general data protection clause and, mainly, personal data processing in the context of mutual recognition of electronic identification means. The article aims to discuss the overlapping issues of the regulation of the GDPR and the eIDAS Regulation and provides a further guide for interpretation and implementation of the outcomes in practice.


Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words to ensure the confidentiality, integrity and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the General Data Protection Regulation and, at the same time, we present how the cloud-based security policy methodology proposed in [1] could be modified in order to be compliant with the GDPR, and how cloud environments can assist developers to build secure and GDPR-compliant cloud-based health systems. The major concept of this paper is, primarily, to facilitate cloud providers in comprehending the framework of the new General Data Protection Regulation and, secondly, to identify security measures and security policy rules for the protection of sensitive data in a cloud-based health system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.


2020 ◽  
pp. 66-75
Author(s):  
Ilya Livshitz

Abstract: The purpose of the study is to analyze the existing requirements for personal data security and assess the impact of these requirements on enterprise security in the Russian Federation. Research method: the problem of ensuring the security of personal data in accordance with the requirements of Federal Law FZ-152 of the Russian Federation and the international General Data Protection Regulation is investigated. The article analyzes the possible risks of interrupting the normal activities of enterprises in the Russian Federation due to violations of these requirements for personal data protection and the imposition of significant fines by international regulators. Numerical relationships are estimated between the amount of fines for violations of established requirements, including the General Data Protection Regulation, and the cost of creating an effective personal data protection system. Estimates of the permissible degree of influence of the General Data Protection Regulation requirements on enterprise security in the Russian Federation are obtained. Research result: a study and comparison of possible penalties for violation of the requirements of Federal Law FZ-152 of the Russian Federation and the international General Data Protection Regulation was performed. Risk assessments of sanctions for violation of the established requirements for personal data protection were obtained. The analysis of the cost of preparing a personal data protection system for compliance with the requirements of the General Data Protection Regulation was performed. Based on the data obtained, examples of calculating the degree of maturity of the security system are presented, based on the ratio of the share of the budget allocated for security to the cost of creating an effective personal data protection system, and on the ratio of that cost to the amount of the fine for violation of the established requirements. The importance of accounting for the costs of personal data security to ensure the security of enterprises in the Russian Federation, taking into account the requirements of the General Data Protection Regulation, is shown.

