Healthcare data governance in the EU: Main challenges in personal data protection

2022 ◽  
pp. 319-336
Author(s):  
Federico Costantini ◽  
Giada Soncini
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Data Governance ◽  
Healthcare Data ◽  
Personal Data Protection ◽  
The Eu

Legislative discourse of digital governance: a corpus-driven comparative study of laws in the European Union and China

2021 ◽  
Vol 0 (0) ◽  
Author(s):  
Siyue Li ◽  
Chunyu Kit
Keyword(s):  
European Union ◽  
Data Protection ◽  
Data Security ◽  
Personal Data ◽  
The European Union ◽  
Data Governance ◽  
Personal Data Protection ◽  
Cross Border ◽  
Digital Governance ◽  
The Eu

Abstract Based on the self-compiled corpora of the European Union and Chinese laws on data governance, this study adopts a corpus-driven approach to comparatively study the legislative design of the EU and China on digital governance, especially on key issues such as data protection, data processing and utilization, and cross-border data transfer. It is found through corpus analysis that the EU has developed a relatively comprehensive data protection system, which internally focuses on the protection of individual data rights and externally sets high standards on the cross-border transfer of data. Despite the data protection paradigm as it manifests, the EU is facing new challenges on data exportation, data jurisdiction in the competitive digital marketplace. Shared the same concern on the data protection legislation, Chinese data law has made significant progress in personal data protection with the nascent enactment of Data Security Law and Personal Data Protection Law. Notably, Chinese legislation features the hierarchal taxonomy of data under the principle of the national security exception, while it requires more legislative skills, flexible response mechanisms, and more subordinate laws to prevent future data security threats. Moreover, the corpus-driven method conducted in this study provides evidential insights for the comparative legal textual studies across jurisdictions.

scholarly journals Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform

2020 ◽  
Vol 28 (4) ◽  
pp. 531-553 ◽  
Author(s):  
Aggeliki Tsohou ◽  
Emmanouil Magkos ◽  
Haralambos Mouratidis ◽  
George Chrysoloras ◽  
Luca Piras ◽  
...  
Keyword(s):  
Technology Acceptance ◽  
Data Protection ◽  
Personal Data ◽  
Secondary Process ◽  
Multiple Perspectives ◽  
Data Governance ◽  
Content Type ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Eu Project

Purpose General data protection regulation (GDPR) entered into force in May 2018 for enhancing personal data protection. Even though GDPR leads toward many advantages for the data subjects it turned out to be a significant challenge. Organizations need to implement long and complex changes to become GDPR compliant. Data subjects are empowered with new rights, which, however, they need to become aware of. GDPR compliance is a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of data governance for supporting GDPR (DEFeND) EU project is to deliver such a platform. The purpose of this paper is to describe the process, within the DEFeND EU project, for eliciting and analyzing requirements for such a complex platform. Design/methodology/approach The platform needs to satisfy legal and privacy requirements and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, the authors describe the methodology for eliciting and analyzing requirements for such a complex platform, by analyzing data attained by stakeholders from different sectors. Findings The findings provide the process for the DEFeND platform requirements’ elicitation and an indicative sample of those. The authors also describe the implementation of a secondary process for consolidating the elicited requirements into a consistent set of platform requirements. Practical implications The proposed software engineering methodology and data collection tools (i.e. questionnaires) are expected to have a significant impact for software engineers in academia and industry. Social implications It is reported repeatedly that data controllers face difficulties in complying with the GDPR. The study aims to offer mechanisms and tools that can assist organizations to comply with the GDPR, thus, offering a significant boost toward the European personal data protection objectives. Originality/value This is the first paper, according to the best of the authors’ knowledge, to provide software requirements for a GDPR compliance platform, including multiple perspectives.

scholarly journals Applicable Law to Transnational Personal Data: Trends and Dynamics

2020 ◽  
Vol 21 (6) ◽  
pp. 1283-1308
Author(s):  
Jie (Jeanne) Huang
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Chinese Media ◽  
Applicable Law ◽  
Personal Data Protection ◽  
Regional Coordination ◽  
The Law ◽  
Model Law ◽  
The Right ◽  
The Eu

AbstractThe recent COVID-19 outbreak has pushed the tension of protecting personal data in a transnational context to an apex. Using a real case where the personal data of an international traveler was illegally released by Chinese media, this Article identifies three trends that have emerged at each stage of conflict-of-laws analysis for lex causae: (1) The EU, the US, and China characterize the right to personal data differently; (2) the spread-out unilateral applicable law approach comes from the fact that all three jurisdictions either consider the law for personal data protection as a mandatory law or adopt connecting factors leading to the law of the forum; and (3) the EU and China strongly advocate deAmericanization of substantive data protection laws. The trends and their dynamics provide valuable implications for developing the choice of laws for transnational personal data. First, this finding informs parties that jurisdiction is a predominant issue in data breach cases because courts and regulators would apply the law of the forum. Second, currently, there is no international treaty or model law on choice-of-law issues for transnational personal data. International harmonization efforts will be a long and difficult journey considering how the trends demonstrate not only the states’ irreconcilable interests but also how states may consider these interests as their fundamental values that they do not want to trade off. Therefore, for states and international organizations, a feasible priority is to achieve regional coordination or interoperation among states with similar values on personal data protection.

scholarly journals Should Fundamental Rights to Privacy and Data Protection be a Part of the EU's International Trade ‘Deals’?

2017 ◽  
Vol 17 (3) ◽  
pp. 477-508 ◽  
Author(s):  
SVETLANA YAKOVLEVA
Keyword(s):  
International Trade ◽  
Data Protection ◽  
Personal Data ◽  
Trade Agreements ◽  
Two Dimensions ◽  
Fundamental Rights ◽  
International Trade Agreements ◽  
Personal Data Protection ◽  
Trade Deals ◽  
The Eu

AbstractThis article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU's ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical relationship between trade and national and European Union (EU) law, and the horizontal relationship between trade and human rights law – the author concludes that these limits are real and pose serious risks.Inspired by recent developments in safeguarding labour, and environmental standards and sustainable development, the article argues that privacy and personal data protection should be part of, and protected by, international trade deals made by the EU. The EU should negotiate future international trade agreements with the objective of allowing them to reflect the normative foundations of privacy and personal data protection. This article suggests a specific way to achieve this objective.

scholarly journals Projekt reformy ochrony danych osobowych - czy rzeczywiście powstanie jednolity i spójny system?

2014 ◽  
pp. 93-125
Author(s):  
Agnieszka Grzelak
Keyword(s):  
Comparative Analysis ◽  
European Commission ◽  
Data Protection ◽  
Legal Status ◽  
Personal Data ◽  
General System ◽  
Consistent System ◽  
Personal Data Protection ◽  
Criminal Matters ◽  
The Eu

In January 2014 two years passed since the European Commission presented a package of reforms of the system of personal data protection in the EU. Com‑ mission proposed to create, in its opinion, a uniform and consistent system across the EU. The idea of the paper is to answer the question whether the Commission’s proposal to adopt two separate acts (one as a general system, and the second for cooperation in criminal matters and police), should meet the proposed assumptions. In order to analyze that, first the treaty background is presented, then current legal status in the field of personal data in the EU, and finally a comparative analysis of the solutions of the two drafts. The analysis leads to the conclusion that there are serious concerns about the lack of consistency.

Sign in / Sign up

Export Citation Format

Share Document