EUROPEAN UNION DATA PROTECTION LAW AND MEDIA EXPRESSION: FUNDAMENTALLY OFF BALANCE

AbstractThe European Data Protection Directive 95/46/EC requires all European Economic Area (EEA) jurisdictions to provide an equivalent regime protecting the privacy and other fundamental rights and freedoms of natural persons in relation to personal data processing, whilst also shielding media expression from the default substantive requirements as necessary to ensure a balance between fundamental rights. Through a comprehensive coding of the derogations set out in each jurisdiction's data protection laws, this article provides the first systematic analysis of whether this has in fact been achieved. It is demonstrated that there is a total lack of even minimal harmonization in this area, with many laws providing for patently unbalanced results especially as regards the publication of sensitive information, which includes criminal convictions and political opinion, and the collection of information without notice direct from the data subject. This reality radically undermines European data protection's twin purposes of ensuring the free flow of personal data and protecting fundamental rights, an outcome which remains largely unaddressed by the proposed new Data Protection Regulation. Practical suggestions are put forward to ameliorate these troubling inconsistencies within the current process of reform.

Download Full-text

The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽

10.1017/aju.2019.80 ◽

2020 ◽

Vol 114 ◽

pp. 5-9 ◽

Cited By ~ 2

Author(s):

Cedric Ryngaert ◽

Mistale Taylor

Keyword(s):

International Law ◽

Data Protection ◽

Personal Data ◽

Fundamental Rights ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Protection Legislation ◽

General Data ◽

Global Data ◽

The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

Download Full-text

The HES-code and the data protection during COVID-19 pandemic in Turkey

Bioethica ◽

10.12681/bioeth.28163 ◽

2021 ◽

Vol 7 (2) ◽

pp. 69

Author(s):

Sabah Mine Cangil

Keyword(s):

Data Protection ◽

Mobile Applications ◽

Personal Data ◽

Health Data ◽

Fundamental Rights ◽

Legal Issues ◽

Legal Problems ◽

Fundamental Rights And Freedoms ◽

The Individual

Mobile applications are a beneficial tool to fight the coronavirus. With the mobile tracing applications, it became easier to cut the chain of transmission of the virus and reduce the number of daily cases. Many countries developed their applications and made them available to their citizens. While using these applications, it is necessary to protect the fundamental rights and freedoms of the individual. This frequent processing of individuals' health data has created legal problems regarding the protection of personal data. The purpose of this paper is to present a study on the Turkish Covid-19 tracing application “Hayat Eve Sığar-HES” and the legal issues behind the application.

Download Full-text

Cross-Border Transfer of Personal Data

Cyber Crime ◽

10.4018/978-1-61350-323-2.ch409 ◽

2013 ◽

pp. 832-850

Author(s):

Grigore-Octav Stan ◽

Georgiana Ghitu

Keyword(s):

Data Protection ◽

Data Transfer ◽

Personal Data ◽

European Economic Area ◽

The European Union ◽

Legal Regime ◽

Cross Border ◽

Data Protection Directive ◽

High Level ◽

Insight Into

This chapter outlines the Romanian data protection legal regime governing the cross-border transfers of personal data, both to countries located in the European Union (EU) or in the European Economic Area (EEA), as well as to non-EU or non-EEA countries. In addressing the Romanian legal requirements related to international transfers of personal data, a high level insight into the background of Romanian data protection principles and main rules applicable in the broader context of privacy proves useful. Although this chapter analyzes mainly the Romanian legal regime of data protection, with a special emphasis on cross-border transfer of personal data, a similar interpretation and application of the data protection related requirements may also be encountered in other European jurisdictions. While expounding primarily on data transfer related matters, this chapter also looks at how the EU Data Protection Directive (Directive No. 95/46 EC), as well as the relevant secondary legislation in the field of data protection, has been implemented into Romanian law.

Download Full-text

European Data Protection Regulation and ‘Non-Journalistic’ Traditional Publishers

European Data Protection Regulation, Journalism, and Traditional Publishers ◽

10.1093/oso/9780198841982.003.0010 ◽

2019 ◽

pp. 209-223

Author(s):

David Erdos

Keyword(s):

Data Protection ◽

First Generation ◽

Second Generation ◽

Early Period ◽

State Level ◽

European Economic Area ◽

European Data ◽

Data Protection Directive ◽

Regulatory Approach ◽

Professional Artists

This chapter explores both the statutory law applicable and the regulatory approach taken to the activity of professional artists and writers outside journalism under European data protection as it developed until the end of the Data Protection Directive (DPD) era. It is found that no pan-European data protection instrument prior to the DPD addressed this interface and such a lacuna was also reflected in the majority of first-generation data protection laws adopted at State-level. In contrast, the DPD provides special (but not absolute) derogations not just for ‘journalistic purposes’ but also for ‘literary and artistic expression’ and this was reflected in the second-generation laws of approximately two-thirds of European Economic Area (EEA) States. Despite falling within data protection’s scope, Data Protection Authorities (DPAs) have generally avoided addressing these actors’ positions. In the early period, the Swedish DPA proved a partial exception to this by publishing guidance on media created on CD-ROMs and even attempted to set license conditions for the use of a computer to produce a book manuscript. Under second-generation data protection, both the Italian and Maltese DPAs issued some specific guidance and the Italian and Slovenian engaged in concrete enforcement. These interventions pointed to a lack of consistency as regards applicable norms. Thus, whilst the Italian DPA crafted a deferential approach based on contextual rights balancing, the Maltese and Slovenian DPAs developed a much more peremptory and restrictive perspective at least as regards photographic images.

Download Full-text

Foundations of Data Protection Law

The Right to Erasure in EU Data Protection Law ◽

10.1093/oso/9780198847977.003.0002 ◽

2020 ◽

pp. 37-116

Author(s):

Jef Ausloos

Keyword(s):

Data Protection ◽

Personal Data ◽

Fundamental Rights ◽

Historical Overview ◽

Legislative History ◽

Ex Post ◽

Technological Developments ◽

Data Protection Law ◽

Fundamental Rights And Freedoms ◽

The Right

Chapter 2 lays the groundwork for the rest of the book, clearly delineating the fundamental right to data protection, its relation to the GDPR, and the right to erasure in it. The historical overview demonstrates that the emergence of data protection is inherently tied to technological developments and how these may amplify power asymmetries. It is also made clear that informational self-determination or control over personal data lies at the heart of the fundamental right to data protection as proclaimed in Article 8 Charter. This is a clear difference with the GDPR that has a much wider prerogative, ie protecting all fundamental rights and freedoms whenever personal data is being processed. Put differently, whereas Article 8 Charter safeguards a minimum level of control over one’s personal data, the GDPR installs a fair balancing framework that safeguards any and all fundamental rights and freedoms as they are affected by the processing of personal data. The substantive provisions of the GDPR can be divided into four categories along the lines of ex ante v ex post and protective v empowerment measures (see data protection matrix). This chapter ends with positioning the right to erasure within the GDPR’s arsenal of ex post empowerment measures, describing its legislative history as well as its main benefits and drawbacks.

Download Full-text

Cross-Border Transfer of Personal Data

Personal Data Privacy and Protection in a Surveillance Era ◽

10.4018/978-1-60960-083-9.ch017 ◽

2011 ◽

pp. 298-316

Author(s):

Grigore-Octav Stan ◽

Georgiana Ghitu

Keyword(s):

Data Protection ◽

Data Transfer ◽

Personal Data ◽

European Economic Area ◽

The European Union ◽

Legal Regime ◽

Cross Border ◽

Data Protection Directive ◽

High Level ◽

Insight Into

Download Full-text

Third-Generation European Data Protection Law and Professional Journalism

European Data Protection Regulation, Journalism, and Traditional Publishers ◽

10.1093/oso/9780198841982.003.0008 ◽

2019 ◽

pp. 151-181

Author(s):

David Erdos

Keyword(s):

Data Protection ◽

Local Level ◽

Self Regulation ◽

Fundamental Rights ◽

European Economic Area ◽

General Data Protection Regulation ◽

Northern European ◽

Data Protection Directive ◽

Data Protection Authority ◽

General Data

This chapter explores the legislative interface between data protection and the professional journalistic media under the General Data Protection Regulation (GDPR). Like the Data Protection Directive (DPD), the GDPR mandates that States adopt derogations ‘necessary’ for reconciling two competing fundamental rights. However, broadly mirroring the situation under the DPD, there remain considerable differences at local level. Northern European countries have tended to set out wide and deep derogations for journalism, whilst Southern and Eastern Europe have often stipulated that this activity adhere to strict data protection standards. These differences map on to broader cultural fissures as regards attitudes to individualism, uncertainty avoidance, and power differences in society. Nevertheless, these outcomes are slightly more balanced than under the DPD. In particular, almost half the States have set out partial statutory limits to the supervisory powers of the Data Protection Authority here. Approximately one-third of States also continue to formalize a co-regulatory connection between statutory and self-regulation. However, a widespread problem has emerged concerning the statutory treatment of media/news archiving. In sum, although the GDPR mandates derogations here, only around one-third of European Economic Area (EEA) States have explicitly provided that the journalism regime can apply to public interest archiving which is subject to its own default regime in the GDPR.

Download Full-text

Confusing Fundamental Rights Protection in Europe: Loopholes in European Fundamental Rights Protection Exemplified on European Data Protection Rules

SSRN Electronic Journal ◽

10.2139/ssrn.1348472 ◽

2009 ◽

Author(s):

Franziska Boehm

Keyword(s):

Data Protection ◽

Fundamental Rights ◽

Rights Protection ◽

European Data

Download Full-text

The EU General Data Protection Regulation (GDPR)

10.1093/oso/9780198826491.001.0001 ◽

2020 ◽

Cited By ~ 1

Keyword(s):

Data Protection ◽

Personal Data ◽

Privacy Regulation ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Ongoing Work ◽

Protection Legislation ◽

Recent Reform ◽

General Data ◽

The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

Download Full-text

Data Protection

Commentary on the European Insolvency Regulation ◽

10.1093/oso/9780198727286.003.0006 ◽

2016 ◽

Author(s):

Tibor Tajti

Keyword(s):

Data Protection ◽

Personal Data ◽

Commercial Law ◽

Insolvency Law ◽

Member States ◽

Privacy Law ◽

Data Protection Directive ◽

Data Protection Law ◽

Made In

Chapter VI is a new chapter in the EIR. Its presence signals the importance that data protection law has gained in Europe since the adoption of the Data Protection Directive 95/46/EC (DPD) and Regulation 45/2001. Although the DPD is not—though it comes close to—a maximum harmonisation directive, its implementation by Member States by the end of 1998 increased data protection standards on national levels as well. Yet the concrete reason that led to the addition of this Chapter is the expanded scope of the EIR as far as the exchange and publication of personal data is concerned. The expansion and thus the enhanced need for data protection is due in particular to the provision made in the recast EIR for newly established interconnected national insolvency registers, accessible via the European e-Justice Portal. This provision has been made at a time when data protection law is increasingly recognised as a ‘stand-alone’ subject, emancipated from privacy law, as expressed indirectly also by the popularisation of the ‘data protection’ nomenclature originating in the German term ‘Datenschutz’. This has clear implications for private and commercial law, including insolvency law.

Download Full-text