5. The data protection principles

Author(s):  
Ian J. Lloyd

The notion that data controllers should comply with a set of general data protection principles has been a feature of data protection statutes from the earliest days. As well as imposing obligations on controllers, the principles also confer rights – most notably relating to subject access – on data subjects. This chapter will consider the scope and extent of the principles, paying particular attention to the requirement that personal data be processed fairly and lawfully. A topic of more recent interest relates to the length of time for which data may be held and made available to third parties. Often referred to as involving the “right to be forgotten”, this is especially relevant to the operation of search engines, which make it easy for users to find news stories that would have passed into obscurity in previous eras. The chapter also looks at the operation of the principle requiring users to adopt appropriate security measures against unauthorized access, a topic which is of particular relevance given recent and well-publicised large-scale cyber-attacks.

2019 ◽  
pp. 245-259
Author(s):  
Bernard Łukanko

The study is concerned with the issue of mutual relationship between the failure to comply with the laws on personal data protection and regulations relating to the protection of personal interests, including in particular the right to privacy. The article presents the views held by the Supreme Court with respect to the possibility of considering acts infringing upon the provisions of the Personal Data Protection Act of 1997 (after 24 May 2018) and of the General Data Protection Regulation (after 25 May 2018) as violation of personal interests, such as the right to privacy. The author shared the view of the case law stating that, if in specific circumstances the processing of personal data violates the right to privacy, the party concerned may seek remedy on the grounds of Articles 23 and 24 of the Polish Civil Code. This position is also relevant after the entry into force of the GDPR which, in a comprehensive and exhaustive manner, directly applicable in all Member States, regulates the issue of liability under civil law for infringements of the provisions of the Regulation, however, according to the position expressed in professional literature, it does not exclude the concurrence of claims and violation of the provisions on the protection of personal interests caused by a specific event. In case of improper processing of personal data, the remedies available under domestic law on the protection of personal interests may be of particular importance outside the subject matter scope of the GDPR applicability.


2020 ◽  
Vol 9 (1) ◽  
pp. 86-101
Author(s):  
Aleksandra Gebuza

Abstract: The main aim of the article is to provide analysis on the notion of the right to be forgotten developed by the CJEU in the ruling Google v. AEPD & Gonzalez and by the General Data Protection Regulation within the context of the processing of personal data on the Internet. The analysis provides the comparison of approach towards the notion between European and American jurisprudence and doctrine, in order to demonstrate the scale of difficulty in applying the concept in practice.


2020 ◽  
Author(s):  
Bart Sloot

The General Data Protection Regulation in Plain Language is a guide for anyone interested in the much-discussed rules of the GDPR. In this legislation, which came into force in 2018, the European Union meticulously describes what you can and cannot do with data about other people. Violating these rules can lead to a fine of up to 20 million euros. This book sets out the most important obligations of individuals and organisations that process data about others. These include taking technical security measures, carrying out an impact assessment and registering all data-processing procedures within an organisation. It also discusses the rights of citizens whose data are processed, such as the right to be forgotten, the right to information and the right to data portability.


2017 ◽  
Vol 19 (5) ◽  
pp. 765-779 ◽  
Author(s):  
Milda Macenaite

The new European Union (EU) General Data Protection Regulation aims to adapt children’s right to privacy to the ‘digital age’. It explicitly recognizes that children deserve specific protection of their personal data, and introduces additional rights and safeguards for children. This article explores the dilemmas that the introduction of the child-tailored online privacy protection regime creates – the ‘empowerment versus protection’ and the ‘individualized versus average child’ dilemmas. It concludes that by favouring protection over the empowerment of children, the Regulation risks limiting children in their online opportunities, and by relying on the average child criteria, it fails to consider the evolving capacities and best interests of the child.


Information ◽  
2020 ◽  
Vol 11 (12) ◽  
pp. 586
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose; primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and secondly, to identify security measures and security policy rules, for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.


2020 ◽  
pp. 99-110
Author(s):  
Arben Murtezić

The purpose of this paper is to highlight the significance of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) in the overall system of personal data protection, especially from the perspective of non-EU countries that are members of the Council of Europe. This is attempted primarily through an evaluation of the correlation between Convention 108 and the ECHR and the GDPR in its segment that regulates the relationship between the EU and third countries. Interest in the issue of personal data protection has been increasing among legal and ICT professionals, academics, government officials and even the general public over the years. This has been particularly intensified by the adoption of the General Data Protection Regulation (GDPR). However, the adoption of the GDPR did not diminish the importance of Convention 108. On the contrary, it seems that the 'adequacy' principle regarding third countries proclaimed by the GDPR stresses its importance. The paper begins with a brief overview of the Convention 108 principles and the modernization that is brought by the Protocol of 2018, which coincides with the entry into force of the much-mentioned GDPR. It continues with an analysis of the relationship between the GDPR and Convention 108, with a focus on elements decisively influencing the assessment of the adequacy of the level of protection. Even though there is no sign of equivalence between the right to privacy and personal data protection, these matters inevitably intersect in practice. Therefore, the final section of the text summarizes the cases of the European Court of Human Rights invoking Convention 108, with the aim to demonstrate how it is interpreted by the highest judicial instance in Europe.


2021 ◽  
Vol 14 (1) ◽  
pp. 79-104
Author(s):  
Maria Teresa Heredero Campo

SUMMARY Legislators legislate as needs arise; it is the present moment and society itself, through its demands, which sets the path and provides them with the keys as to what matters to legislate on and what aspects need to be developed in greater detail. Contemporary societies try, with greater or lesser success, to adapt to the changes that are taking place, both those reflected in daily customs and habits, and those related to the generation, dissemination and use of information and knowledge. Today's society consumes and handles an excessive volume of information and data, often without assessing its veracity or analysing the source from which it comes, without considering the importance of the data it provides at any given time, and much less thinking about the consequences that misuse of such data may have for privacy, for example. These are issues that, despite being the order of the day, have already given cause for concern. A fact that is reflected in an increasingly prolix jurisprudence. An example of this, as we will have the opportunity to point out below, is the SAN of 6 April 2018, which, with regard to the problems that arise in relation to medical records, highlights the importance of defending the right to the protection of personal data and the need to obtain consent in an appropriate manner. In these times of pandemic, it is important to seek a suitable approach and to know some fundamental aspects of the aforementioned right to data protection, starting from such extremely important concepts as: personal data or consent itself. Moreover, the development of this right, so much questioned lately due to the use of COVID applications, in terms of the possible effects on privacy or image, or any of the controversies that are arising around data protection in the management of the coronavirus, almost forces us to think about its limits. 
In this respect, we must bear in mind that many of the answers to the questions that are being raised about the problems associated with current practices lie in the legitimising bases of data processing. In this study, I conclude that despite the great importance of some personality rights, including privacy, honour or self-image, and among which is the right to data protection, the right that deserves the greatest protection is the right to life. Let us not forget that the function of law is to serve the person to whom the reason for its existence must be attributed.

KEY WORDS: Law and New Technologies; Data Protection; Fundamental Rights; Personality Rights; Data Protection; Right to privacy; Right to honour; Right to image; General Data Protection Regulation (GDPR); Organic Law on Data Protection and Guarantee of Digital Rights (LOPDyGDD); COVID-19 (Coronavirus).


2020 ◽  
Vol 12 (4) ◽  
pp. 24-50
Author(s):  
Patrícia Borba Vilar Guimarães ◽  
Yanko Marcius de Alencar Xavier ◽  
Braulio Gomes Mendes Diniz

Abstract: This article assesses the possibilities for urban mobility applications to share traffic data with the government as a way to assist in planning urban mobility. Initially, it presents the organizational structure of the sharing economy, which depends heavily on data provision by users to offer its proposed services. Then, it highlights the legal relevance of personal data and the grounds for their protection, on the one hand, and the importance of obtaining traffic data for the planning of urban mobility, on the other. Having defined the context in which the debate is proposed, it assesses how the Brazilian General Data Protection Law (LGPD) addresses this issue of sharing personal data with the State, as well as the specific rules of three of the transport service platforms in operation in Brazil (Uber, Cabify and 99). From the analysis, the following alternatives for sharing within the legal parameters are suggested: i) the provision of anonymized data, aggregated or treated in order to preserve the right to privacy; ii) the preservation of commercial and industrial secrets; and iii) reinforcement of privacy policies regarding user consent rules.

Keywords: Urban mobility. Applications. Data protection. LGPD. Data sharing.


2019 ◽  
pp. 595-619
Author(s):  
Andrew Murray

This chapter examines the rights of data subjects under GDPR and the role of the state in supervising data controllers. It examines data subject rights, including the subject access right and the right to correct and manage personal data. It deals with the development of the so-called Right to be Forgotten and the Mario Costeja González case. It examines the current supervisory regime, including the role of the Information Commissioner’s Office and the enforcement rights of data subjects. Key cases, including Durant v The Financial Services Authority, Edem v IC & Financial Services Authority, Dawson-Damer v Taylor Wessing, and Ittihadieh v 5–11 Cheyne Gardens are discussed, and the chapter concludes by examining the enhanced enforcement rights awarded to the Information Commissioner’s Office by the General Data Protection Regulation in 2018.

