Data Protection in UK Library and Information Services: Are We Ready for GDPR?

2018, Vol 18 (1), pp. 28-34
Author(s): Josephine Bailey

Abstract: Against a backdrop of increasing data security and privacy concerns, current data protection law will soon be overhauled by the General Data Protection Regulation (GDPR). Previous research has indicated a lack of data protection management in libraries; however, it has been nine years since the latest study. This article by Josephine Bailey aims to provide an updated review of the extent of data protection management in UK library and information services and gauge preparation for the incoming GDPR.

2013, Vol 15, pp. 27-46
Author(s): Peter Blume, Christian Wiese Svanberg

Abstract: The proposal for a new General Data Protection Regulation has been billed as a harbinger of increased harmonisation, better enforcement and modernised rules within the area of data protection law. Through an analysis of several central elements in the draft Regulation—and European data protection law in general—as well as an assessment of the practical implications the proposal is likely to have if adopted, this chapter challenges whether the proposal will be able to deliver the harmonised rules that have been promised. It focuses particularly on the proposed regulation's scope of application, its legal architecture, the use of discretionary provisions and related issues. It is argued that the proposal not only fails to address the root causes of why the current data protection directive (Directive 95/46) failed to bring about harmonisation and effective rules, but also looks set to transplant them into the new regulation.


2015, Vol 9 (1), pp. 85-109
Author(s): Jan Tomíšek

This article lists the requirements of European data protection law as regards the contents of a contract between cloud provider and cloud client. Based on these requirements the contracts for the provision of Google Apps for Work and Microsoft Office 365 for small and medium enterprises are evaluated and compared from the data protection perspective. The article also discusses the shortcomings of the current legal framework for data protection with regard to cloud computing, and analyses the possible improvements made by the General Data Protection Regulation.

A cloud client usually plays the role of a data controller, while the provider may be a data controller, data processor or he may not fall under the scope of data protection law. The relationship between the client and cloud provider, as a data processor, must be governed by a contract stating that the provider is bound by the instructions of the client as well as describing the security measures.

The contract for Microsoft Office 365 was found to be compliant with data protection law. The contract for Google Apps for Work suffers from several deficiencies that may cause a breach of data protection law.

The current data protection framework lacks unification, clarity and scalability. With the exception of unification, the General Data Protection Regulation is not expected to bring a substantial improvement if it is adopted using the proposed wording. To cope with the current law, cloud clients and providers may use the Cloud Service Level Agreement Standardisation Guidelines.


2018, Vol 18 (1), pp. 21-28
Author(s): Sahar Bhaimia

Abstract: This article, written by Sahar Bhaimia, presents an overview of the General Data Protection Regulation (EU) (2016/679) (GDPR) which will apply automatically across the EU on 25 May 2018. The GDPR is an update and reform of existing EU data protection law, first established by the Data Protection Directive (1995/46/EC). The article is for knowledge managers and information services professionals who may be asked to take on responsibility for GDPR, and focuses on the UK. It covers the fundamentals of EU data protection law, highlights key changes brought about by the GDPR, and provides practical tips and suggestions for knowledge managers.




Author(s): Raphaël Gellert

The main goal of this book is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”, an expression that came to the fore during the overhaul process of the EU’s General Data Protection Regulation (GDPR)—even though it can also be found in other statutes under different acceptations. At its core it consists in endowing the regulated organisations that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. It addresses this topic from various perspectives. In framing the risk-based approach as the latest model of a series of regulation models, the book provides an analysis of data protection law from the perspective of regulation theory as well as risk and risk management literatures, and their mutual interlinkages. Further, it provides an overview of the policy developments that led to the adoption of such an approach, which it discusses in the light of regulation theory. It also includes various discussions pertaining to the risk-based approach’s scope and meaning, to the way it has been uptaken in statutes including key provisions such as accountability and data protection impact assessments, or to its potential and limitations. Finally, it analyses how the risk-based approach can be implemented in practice by providing technical analyses of various data protection risk management methodologies.


Author(s): Dara Hallinan

Biobanks are critical infrastructure for medical research. Biobanks, however, are also the subject of considerable ethical and legal uncertainty. Given that biobanks process large quantities of genomic data, questions have emerged as to how genetic privacy should be protected. What types of genetic privacy rights and rights holders should be protected and to what extent? Since 25 May 2018, the General Data Protection Regulation (GDPR) has applied and now occupies a key position in the European legal framework for the regulation of biobanking. This book takes an in-depth look at the function, problems, and opportunities presented by European data protection law under the GDPR as a framework for the protection of genetic privacy in biobanking. It argues that the substantive framework presented by the GDPR already offers an admirable baseline level of protection for the range of genetic privacy rights engaged by biobanking. The book further contends that while numerous problems with this standard of protection are indeed identifiable, the GDPR offers the flexibility to accommodate solutions to these problems, as well as the procedural mechanisms to realise these solutions.


2021, pp. 77-91
Author(s): Kieron O’Hara

This chapter describes the Brussels Bourgeois Internet. The ideal consists of positive, managed liberty where rights of others are respected, as in the bourgeois public space, where liberty follows only when rights are secured. The exemplar of this approach is the European Union, which uses administrative means, soft law, and regulation to project its vision across the Internet. Privacy and data protection have become the most emblematic struggles. Under the Data Protection Directive of 1995, the European Union developed data-protection law and numerous privacy rights, including a right to be forgotten, won in a case against Google Spain in 2014, the arguments about which are dissected. The General Data Protection Regulation (GDPR) followed in 2018, amplifying this approach. GDPR is having the effect of enforcing European data-protection law on international players (the ‘Brussels effect’), while the European Union over the years has developed unmatched expertise in data-protection law.


2018, Vol 9 (3), pp. 502-526
Author(s): Claudia QUELLE

The risk-based approach has been introduced to the General Data Protection Regulation (GDPR) to make the rules and principles of data protection law “work better”. Organisations are required to calibrate the legal norms in the GDPR with an eye to the risks posed to the rights and freedoms of individuals. This article is devoted to an analysis of the way in which this new approach relates to “tick-box” compliance. How can the law enhance itself? If handled properly by controllers and supervisory authorities, the risk-based approach can bring about a valuable shift in data protection towards substantive protection of fundamental rights and freedoms. While the risk-based approach has a lot of potential, it also has a risk of its own: it relies on controllers to improve compliance, formulating what it means to attain compliance 2.0.


Author(s): Peter Hustinx

This chapter looks at the origins and the current state of EU data protection law, and highlights the context of the ongoing review of Directive 95/46/EC as its key instrument, as well as the main lines of the proposed General Data Protection Regulation which will replace the Directive in the near future. The analysis shows a gradual development along two lines: one aiming at stronger rights in order to provide more effective protection, and one ensuring more consistent application of those rights across the EU. It also demonstrates the increasing impact of the Charter of Fundamental Rights, both in the case law of the Court of Justice and in the review of the legal framework. At the same time, it is argued that a lack of awareness of the difference in character between Articles 7 and 8 of the Charter could prevent Article 8 from reaching its full potential.


2020, Vol 37 (1), pp. 19-24
Author(s): Stephen Breen, Karim Ouazzane, Preeti Patel

The General Data Protection Regulation (GDPR) 2018 imposes much greater demands on companies to address the rights of individuals who provide data, that is, Data Subjects. The new law requires a much more transparent approach to gaining consent to process personal data. However, few obvious changes to how consent is gained from Data Subjects to comply with this. Many companies are running the risk of non-compliance with the law if they fail to address how data are obtained and the lack of true consent which Data Subjects currently give to their data being processed. Consent is a complex philosophical principle which relies on the person giving the consent being in full possession of the facts; this article explores the philosophical background of consent and examines the circumstances which were the point of departure for the debate on consent and attempts to develop an understanding of it in the context of the growing influence of information systems and the data-driven economy. The GDPR has gone further than any other regulation or law to date in developing an understanding of consent to address personal data and privacy concerns.

