scholarly journals A Comparative Study of the APEC Privacy Framework- A New Voice in the Data Protection Dialogue?

2008 ◽  
Vol 3 ◽  
pp. 1-44
Author(s):  
Johanna G. Tan
Keyword(s):  
Comparative Study ◽  
Data Protection ◽  
Personal Data ◽  
Eu Member States ◽  
Cross Border ◽  
Eu Directive ◽  
Free Flow Of Information ◽  
International Conventions ◽  
Flow Of Information ◽  
The Eu

AbstractThe dialogue on data protection has so far been dominated by European and American voices. There are currently a few international conventions in place such as the Council of Europe's 1981 Convention for the Protection of Individuals with regard to the Automatic processing of personal data, the 1980 OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data , which apply to 30 OECD countries, and the EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data, which binds EU member states but has had some impact on non-European countries due to the restriction on cross border flow of information.This has changed with the emergence of the APEC Privacy Framework in 2004 which focuses on the importance of the free flow of information in the digital age. Does the APEC Privacy Framework have anything of value to add or does it dilute the standards already in place? This article will examine these questions and argue that perhaps the APEC Privacy Framework is the first step towards a truly global standard for data protection.

scholarly journals GEOGRAPHIC DATA AS PERSONAL DATA IN FOUR EU MEMBER STATES

2016 ◽  
Vol III-2 ◽  
pp. 151-157 ◽  
Author(s):  
A. J. de Jong ◽  
B. van Loenen ◽  
J. A. Zevenbergen
Keyword(s):  
Data Protection ◽  
Large Scale ◽  
Personal Data ◽  
Topographic Maps ◽  
Member States ◽  
Eu Member States ◽  
Eu Directive ◽  
Geographic Data ◽  
Protection Legislation ◽  
The Eu

The EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data aims at harmonising data protection legislation in the European Union. This should promote the free flow of products and services within the EU. This research found a wide variety of interpretations of the application of data protection legislation to geographic data. The variety was found among the different EU Member States, the different stakeholders and the different types of geographic data. In the Netherlands, the Data Protection Authority (DPA) states that panoramic images of streets are considered personal data. While Dutch case law judges that the data protection legislation does not apply if certain features are blurred and no link to an address is provided. The topographic datasets studied in the case studies do not contain personal data, according to the Dutch DPA, while the German DPA and the Belgian DPA judge that topographic maps of a large scale can contain personal data, and impose conditions on the processing of topographic maps. The UK DPA does consider this data outside of the scope of legal definition of personal data. The patchwork of differences in data protection legislation can be harmonised by using a traffic light model. This model focuses on the context in which the processing of the data takes place and has four categories of data: (1) sensitive personal data, (2) personal data, (3), data that can possibly lead to identification, and (4) non-personal data. For some geographic data, for example factual data that does not reveal sensitive information about a person, can be categorised in the third category giving room to opening up data under the INSPIRE Directive.

scholarly journals GEOGRAPHIC DATA AS PERSONAL DATA IN FOUR EU MEMBER STATES

2016 ◽  
Vol III-2 ◽  
pp. 151-157
Author(s):  
A. J. de Jong ◽  
B. van Loenen ◽  
J. A. Zevenbergen
Keyword(s):  
Data Protection ◽  
Large Scale ◽  
Personal Data ◽  
Topographic Maps ◽  
Member States ◽  
Eu Member States ◽  
Eu Directive ◽  
Geographic Data ◽  
Protection Legislation ◽  
The Eu

The EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data aims at harmonising data protection legislation in the European Union. This should promote the free flow of products and services within the EU. This research found a wide variety of interpretations of the application of data protection legislation to geographic data. The variety was found among the different EU Member States, the different stakeholders and the different types of geographic data. In the Netherlands, the Data Protection Authority (DPA) states that panoramic images of streets are considered personal data. While Dutch case law judges that the data protection legislation does not apply if certain features are blurred and no link to an address is provided. The topographic datasets studied in the case studies do not contain personal data, according to the Dutch DPA, while the German DPA and the Belgian DPA judge that topographic maps of a large scale can contain personal data, and impose conditions on the processing of topographic maps. The UK DPA does consider this data outside of the scope of legal definition of personal data. The patchwork of differences in data protection legislation can be harmonised by using a traffic light model. This model focuses on the context in which the processing of the data takes place and has four categories of data: (1) sensitive personal data, (2) personal data, (3), data that can possibly lead to identification, and (4) non-personal data. For some geographic data, for example factual data that does not reveal sensitive information about a person, can be categorised in the third category giving room to opening up data under the INSPIRE Directive.

scholarly journals The protection of customer personal data as an element of entrepreneurs’ ethical conduct

2018 ◽  
Vol 21 (7) ◽  
pp. 27-44
Author(s):  
Ewa Kulesza
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Business Practices ◽  
Process Data ◽  
Member States ◽  
Eu Member States ◽  
Eu Directive ◽  
The Law ◽  
The Right ◽  
The Eu

The right to the protection of personal data, which is part of the right to privacy, is a fundamental human right. Thus, its guarantees were included in the high-level regulations of the European Union as well as the legal norms of the EU Member States. The first Polish law regulating the protection of personal data was adopted in 1997 as the implementation of EU Directive 95/46. The law imposed a number of obligations on public and private entities which process personal data in order to protect the rights of data subjects and, in particular, to guarantee them the ability to control the correctness of processing of their personal data. Therefore, the law obliged data controllers to process data only on the basis of the premises indicated in the legislation, to adequately secure data, and to comply with the disclosure obligation concerning data subjects, including their right to correct false or outdated data or to request removal of data processed in violation of the law. However, as complaints directed by citizens to the supervisory body—the Inspector General for Personal Data Protection—showed, personal data controllers, especially those operating in the private sector, did not comply with the law, acting in a manner that violated their customers’ rights. In the hitherto existing unfair business practices of entrepreneurs, the violations of the data protection provisions that were the most burdensome for customers were related to preventing them from exercising their rights, including the right to control the processing of data, as well as the failure to provide the controller’s business address, which made it impossible for subjects whose data were used in violation of the law or for the inspecting authorities to contact the company, a lack of data security and a failure to follow the procedures required by law, the failure to secure documents containing personal data or their abandonment, a lack of updating customer data, the use of unverified data sets and sending marketing offers to deceased people or incorrect target recipients, and excessive amounts of data requested by controllers. The violations of the rights of data subjects recorded in Poland and other EU Member States—among other arguments—provided inspiration for the preparation of a new legal act in the form of the EU General Data Protection Regulation (GDPR) (which entered into force on 25 May 2018). The extension of the rights of people whose data are processed was combined in the GDPR with the introduction of new legal instruments disciplining data controllers. Instruments in the form of administrative fines and the strongly emphasised possibility to demand compensation for a violation of the right to data protection were directed in particular against economic entities violating the law.

scholarly journals The Right to Privacy—A Fundamental Right in Search of Its Identity: Uncovering the CJEU’s Flawed Concept of the Right to Privacy

2019 ◽  
Vol 20 (05) ◽  
pp. 722-733 ◽  
Author(s):  
Valentin M. Pfisterer
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
The Political ◽  
Strong Impact ◽  
Right To Privacy ◽  
Eu Member States ◽  
The Right To Privacy ◽  
The Right ◽  
The Eu

AbstractIn recent years, the CJEU has impressively brought to bear the protection of the fundamental rights to privacy and protection of personal data as contained in the CFREU. The Court’s decisions in the Digital Rights, Schrems, Tele2, and PNR cases have reshaped the political and legal landscape in Europe and beyond. By restricting the powers of the governments of EU Member States and annulling legislative acts enacted by the EU legislator, the decisions had, and continue to have, effects well beyond the respective individual cases. Despite their strong impact on privacy and data protection across Europe, however, these landmark decisions reveal a number of flaws and inconsistencies in the conceptualization of the rights to privacy and protection of personal data as endorsed and interpreted by the CJEU. This Article identifies and discusses some of the shortcomings revealed in the recent CJEU privacy and data protection landmark decisions and proposes to the CJEU a strategy aimed at resolving these shortcomings going forward.

scholarly journals Personal Data Protection in New Zealand: Lessons for South Africa?

2017 ◽  
Vol 11 (4) ◽  
pp. 61
Author(s):  
A Roos
Keyword(s):  
South Africa ◽  
New Zealand ◽  
South African ◽  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
Right To Privacy ◽  
Personal Data Protection ◽  
Eu Directive ◽  
The Eu

In 1995 the European Union adopted a Directive on data protection. Article 25 of this Directive compels all EU member countries to adopt data protection legislation and to prevent the transfer of personal data to non-EU member countries (“third countries”) that do not provide an adequate level of data protection. Article 25 results in the Directive having extra-territorial effect and exerting an influence in countries outside the EU. Like South Africa, New Zealand is a “third” country in terms of the EU Directive on data protection. New Zealand recognised the need for data protection and adopted a data protection Act over 15 years ago. The focus of this article is on the data protection provisions in New Zealand law with a view to establishing whether South Africa can learn any lessons from them. In general, it can be said that although New Zealand law does not expressly recognise a right to privacy, it has a data protection regime that functions well and that goes a long way to providing adequate data protection as required by the EU Directive on data protection. Nevertheless, the EU has not made a finding to that effect as yet. The New Zealand data protection act requires a couple of amendments before New Zealand might be adjudged ‘adequate’. South Africa’s protection of the right to privacy and identity is better developed and more extensive than that of New Zealand. Privacy is recognised and protected in the law of delict and by the South African Constitution. Despite South Africa’s apparently high regard for the individual’s right to privacy and identity and our well-developed common and constitutional law of privacy, South Africa does not meet the adequacy requirement of the EU Directive, because we do not have a data protection Act. This means that South African participants in the information technology arena are at a constant disadvantage. It is argued that South Africa should follow New Zealand’s example and adopt a data protection law as soon as possible.

scholarly journals Tracing Individuals under the EU Regime on Serious, Cross-border Health Threats: An Appraisal of the System of Personal Data Protection

2017 ◽  
Vol 8 (4) ◽  
pp. 700-722 ◽  
Author(s):  
Patrycja DĄBROWSKA-KŁOSIŃSKA
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Integrated Approach ◽  
Border Health ◽  
Health Security ◽  
Personal Data Protection ◽  
Cross Border ◽  
Health Threats ◽  
The Right ◽  
The Eu

AbstractThe article tackles the issue of personal data protection in case of tracing (looking for) individual persons who have been exposed to health risks pursuant to the EU Decision 1082/2013 on Serious, Cross-border Health Threats. This problem exemplifies just one among many challenges of the health-security nexus in the EU. That is, it regards a certain trade-off between the limitation of individual rights and securing populations’ safety. The text appraises the safeguards for the (lawful) limitation of the right to data protection after an in-depth examination of the provisions of the Health Threats Decision, its implementing measures, the reports on its operation, and in light of the general EU data protection laws. In conclusion, it claims that a number of improvements are needed because of the incompleteness, and the insufficient coherence and transparency of the EU regime for health threats. The established shortcomings are, at least in part, caused by the new EU “integrated approach” to health and security. In effect, an overall philosophy of reforms of public health policy in the name of “all-hazards security” applied in the Health Threats Decision can result in a reduction of the adequate level of protection of individuals’ personal data.

scholarly journals Stosowanie unijnych przepisów o transgranicznych zagrożeniach dla zdrowia a ochrona danych osobowych w UE

2017 ◽  
Vol 107 ◽  
pp. 53-81
Author(s):  
Patrycja Dąbrowska-Kłosińska
Keyword(s):  
Data Protection ◽  
Current System ◽  
Personal Data ◽  
Border Health ◽  
Cross Border ◽  
The Us ◽  
Health Threats ◽  
And Control ◽  
The Eu

APPLYING THE RULES ON CROSS-BORDER THREATS TO HEALTH AND THE PROTECTION OF PERSONAL DATA IN THE EUThe paper concerns a possible conflict between the scope of data protection of individuals, including their medical data, and the necessity of preparing and reacting to serious cross-border health threats at the EU level, for example, to pandemics. The case-study of Mr Andrew Speaker, who was ordered not to leave the US by the US Centre for Disease Prevention and Control because of his TB infection, but was travelling through Europe in 2007, provides an illustration to problematic legal issues. The text presents EU regulatory tools which aim at preventing the spread of infectious diseases and other serious cross-border health threats as provided by Decision 1082/2013 and the relevant provisions ensuring data protection of individuals in this context. The objective of the extensive normative analysis of the current regulatory framework is an attempt at assessment whether the current system of EU rules can offer an effective protection of personal data when the provisions on pandemics’ prevention are applied.

scholarly journals A New Data Protection Development in The EU Judicial and Criminal Area

2017 ◽  
Vol 23 (2) ◽  
pp. 144-149
Author(s):  
Gabriela Belova ◽  
Gergana Georgieva
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Terrorist Attacks ◽  
The European Union ◽  
Significant Progress ◽  
Data Retention ◽  
Eu Member States ◽  
European Court ◽  
Efficient Measure ◽  
The Eu

Abstract The following article is dedicated to a new data protection regime in the European Union, in particular the Directive (EU) 2016/680 of the European Parliament and the Council on the protection of natural persons regarding processing of personal data by authorities aiming at prevention, investigation, detection and prosecution of crime offences, including execution of criminal penalties. For this purpose, the authors look first at the data protection within the Prüm framework as well as at the relevant provisions of Lisbon Treaty. Тhe important cases of the European Court of Human Rights are analyzed. Whereas in 2014 EU Member states focused on the question whether or not to retain data, the 2016 conclusion was that in some aspects data retention is the most efficient measure to ensure national security, public safety and fighting across serious crimes. The terrorist attacks in Paris and Brussels call to better equip security authorities. The EU legislature made significant progress on the Data Protection regime. The Directive (EU) 2016/680, the so called the ‘Police and Criminal Justice Directive’, repeals the Council Framework Decision 2008/977/JHA and will enter into force on 6 May 2018.

Sign in / Sign up

Export Citation Format

Share Document