scholarly journals Is the European Data Protection Regulation sufficient to deal with emerging data concerns relating to neurotechnology?

2020 ◽  
Author(s):  
Stephen Rainey ◽  
Kevin McGillivray ◽  
Simi Akintoye ◽  
Tyr Fothergill ◽  
Christoph Bublitz ◽  
...  
Keyword(s):  
Data Collection ◽  
Data Protection ◽  
Technology Development ◽  
Brain Activity ◽  
Personal Data ◽  
Medical Treatments ◽  
European Data ◽  
Consumer Markets ◽  
Highly Sensitive ◽  
Brain Data

Abstract Research-driven technology development in the fields of the neurosciences presents interesting and potentially complicated issues around data in general and brain data specifically. The data produced from brain recordings are unlike names and addresses in that it may result from the processing of largely involuntarily brain activity, it can be processed and reprocessed for different aims, and it is highly sensitive. Consenting for brain recordings of a specific type, or for a specific purpose, is complicated by these factors. Brain data collection, retention, processing, storage, and destruction are each of high ethical importance. This leads us to ask: Is the present European Data Protection Regulation sufficient to deal with emerging data concerns relating to neurotechnology? This is pressing especially in a context of rapid advancement in the fields of brain computer interfaces (BCIs), where devices that can function via recorded brain signals are expanding from research labs, through medical treatments, and beyond into consumer markets for recreational uses. One notion we develop herein is that there may be no trivial data collection when it comes to brain recording, especially where algorithmic processing is involved. This article provides analysis and discussion of some specific data protection questions related to neurotechnology, especially BCIs. In particular, whether and how brain data used in BCI-driven applications might count as personal data in a way relevant to data protection regulations. It also investigates how the nature of BCI data, as it appears in various applications, may require different interpretations of data protection concepts. Importantly, we consider brain recordings to raise questions about data sensitivity, regardless of the purpose for which they were recorded. This has data protection implications.

The Development of European Data Protection Law and Regulation

2019 ◽  
pp. 35-54
Author(s):  
David Erdos
Keyword(s):  
Data Protection ◽  
Legal Status ◽  
Personal Data ◽  
Working Party ◽  
Advisory Council ◽  
Human Right ◽  
General Data Protection Regulation ◽  
European Data ◽  
Regulatory Data ◽  
The Eu

This chapter explores the development of European data protection, both as a codified form of regulation and as a human right, from its inception to the present day. In contrast to more ʻclassicalʼ rights, such as freedom of expression and even privacy, data protection only emerged as a discrete concept with the rise of computer power in the 1970s. The focus in Europe from this time has been on elaborating a progressively more detailed and harmonized regulatory code to govern the processing of personal data across the EU and wider European Economic Area (EEA). Advisory Council of Europe Resolutions in the 1970s led to a binding but optional Data Protection Convention in the 1980s, to a mandatory Data Protection Directive in the 1990s, and finally to a General Data Protection Regulation (GDPR) in the 2010s which is directly applicable across the EU. In addition, data protection has increasingly been recognized as a fundamental right and, in particular, was included within the EU Charter that was drafted in 2000 and acquired pan-EU legal status in 2009. These developments have dovetailed with the emergence of a significant body of relevant Court of Justice of the EU (CJEU) jurisprudence. However, the regulatory Data Protection Authorities (DPAs) also remain critical interpretative actors and have issued a number of important opinions including through the Article 29 Working Party that under the GDPR has become the European Data Protection Board.

scholarly journals ESTUDO SOBRE A REALIZAÇÃO DO DIREITO DA PROTECÇÃO DE DADOS PESSOAIS ATRAVÉS DA JURISPRUDÊNCIA DO TRIBUNAL DE JUSTIÇA DA UNIÃO EUROPEIA

2020 ◽  
Vol 29 (1) ◽  
Author(s):  
Rita De Sousa Costa
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Case Law ◽  
Legal Framework ◽  
The European Union ◽  
Personal Data Protection ◽  
Court Of Justice ◽  
European Data ◽  
Data Protection Law

[PT]No presente texto, apresentamos as grandes linhas de aplicação do direito europeu da protecção de dados conforme gizadas pela jurisprudência do TJUE, com o objectivo de demonstrar como e em que medida este Tribunal modelou – e continua a modelar – o quadro jurídico em vigor, na certeza de que aquela jurisprudência impõe um conjunto de desafios determinantes para a realização material do direito europeu da protecção de dados pessoais. [ESP]Este texto presenta las líneas generales de la aplicación de la legislación europea de protección de datos tal como se establece en la jurisprudencia del TJUE, con el objetivo de demostrar cómo y en qué medida este Tribunal ha configurado -y sigue configurando- el marco jurídico vigente, con la certeza de que la dicha jurisprudencia plantea una serie de retos cruciales para la aplicación material del derecho europeo de la protección de datos personales. [ENG]This text outlines the implementation of the European data protection law as laid down in the case-law of the Court of Justice of the European Union, with the aim of demonstrating how and to what extent the Court has shaped – and continues to shape – the current legal framework. The case-law analysed points out a plethora of challenges which are key to the implementation of the European personal data protection law.

scholarly journals Reporting, recording, and communication of COVID-19 cases in workplace: data protection as a moving target

2020 ◽  
Vol 7 (1) ◽  
Author(s):  
Mahsa Shabani ◽  
Tom Goffin ◽  
Heidi Mertes
Keyword(s):  
Data Collection ◽  
Data Protection ◽  
Personal Data ◽  
Privacy Preserving ◽  
Moving Target ◽  
National Data ◽  
Risks And Benefits ◽  
Guidelines And Recommendations

Abstract In response to concerns related to privacy in the context of coronavirus disease 2019 (COVID-19), recently European and national Data Protection Authorities (DPAs) issued guidelines and recommendations addressing a variety of issues related to the processing of personal data for preventive purposes. One of the recurring questions in these guidelines is related to the rights and responsibilities of employers and employees in reporting, recording, and communicating COVID-19 cases in workplace. National DPAs in some cases adopted different approaches regarding duties in reporting and communicating the COVID-19 cases; however, they unanimously stressed the importance of adopting privacy-preserving approaches to avoid raising concerns about surveillance and stigmatization. We stress that in view of the increasing use of new data collection and sharing tools such as ‘tracing and warning’ apps, the associated privacy-related risks should be evaluated on an ongoing manner. In addition, the intricacies of different settings where such apps may be used should be taken into consideration when assessing the associated risks and benefits.

Incomplete Data Protection Law

2014 ◽  
Vol 15 (6) ◽  
pp. 1071-1104
Author(s):  
Kunbei Zhang
Keyword(s):  
Legal System ◽  
Data Protection ◽  
Personal Data ◽  
Tort Liability ◽  
Host Countries ◽  
European Data ◽  
Chinese Perspective ◽  
Data Protection Law ◽  
The Right

The European legal system governing data protection issues is widely regarded as an adequate blueprint for late developers to follow. According to this position, host countries will benefit from receiving the ready-made data protection law because it has already gone through a process of trial and error in Europe. For example, China follows the traditional civil law measures on data protection, such as contractual and tort liability. No Chinese legislation deals specifically with the right to protection of personal data. In China, researchers paid attention to the European legal system, which is regarded as the milestone for data protection. Some vigorously suggest that China should quickly move to enact data protection law based on the model provided by European law.When Chinese researchers strongly promote the European legal system over data protection issues, they send an underlying message that the quality of European laws is good enough to sufficiently deter violations: Individuals would be prohibited from carrying out harmful actions as soon as the expected law is transplanted to China. From a Chinese perspective, our country could quickly move to enact a similar law following the tone of Europe in order to enhance the efficiency of data protection. But is this a compelling position? Will European data protection laws indeed regulate unambiguously and prospectively? Will European data protection laws provide clear guidance to Chinese judges for resolving data protection-related cases? And will the court-enforced laws sufficiently solve the broad spectrum of problems on data use? Understanding the European enforcement mechanism covering data protection issues, and thereby assessing its efficacy on deterrence, is vital to answering these questions.

scholarly journals The GDPR at the Organizational Level: A Comparative Study of Eight European Countries

2021 ◽  
Vol 24 (2) ◽  
pp. 207-222
Author(s):  
Marek Zanker ◽  
Vladimír Bureš ◽  
Anna Cierniak-Emerych ◽  
Martin Nehéz
Keyword(s):  
Data Collection ◽  
Data Protection ◽  
Subjective Evaluation ◽  
Personal Data ◽  
Subjective Assessment ◽  
Organizational Level ◽  
Correct Identification ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection

The General Data Protection Regulation, also known as the ‘gold standard’ or the ‘Magna Carta’ of cyber laws, is a European regulation that deals with rights in the area of privacy and focuses on data collection, storage and data processing. This manuscript presents the results of investigation in the business sphere from eight countries of the European Union. The research focused on awareness of the GDPR, costs associated with the GDPR, number of trainings, how data are secured and subjective evaluation. The questionnaire was used for data collection. The results show that the majority of employees concerned about the GDPR are able to define the GDPR correctly (64%). The correct identification of personal data is in 95% of cases. The vast majority of respondents (94%) assign the right to personal data protection to the GDPR. Most employees are trained in the GDPR once (46%) or twice (45%). Subsequently, the differences between these countries in some areas of the questionnaire survey were examined. For this purpose, Welch ANOVA with post-test Tukey HSD or Kruskal-Wallis test were used. As a result, knowledge about the personal data do not vary significantly between the countries. In the area of rights, the countries are not again statistically different. As for the number of security countries, statistics do not differ significantly. The subjective assessment of the GDPR is different across the countries. The GDPR is rated worst by companies in the Czech Republic and Slovakia. On the contrary, the GDPR is best perceived by companies in France and the United Kingdom.

scholarly journals Data Protection Impact Assessment: A Protection Tool for Migrants Using ICT Solutions

2021 ◽  
Vol 10 (12) ◽  
pp. 466
Author(s):  
Júlia Zomignani Barboza ◽  
Paul De Hert
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Technology Development ◽  
Personal Data ◽  
Target Population ◽  
Development Project ◽  
Smart Devices ◽  
Specific Situation ◽  
Technology Development Project ◽  
Ict Tools

Smart devices have become ubiquitous in everyday life, and it is commonplace that migrants are among the users of connected tools. With the realization that migrants rely on connectivity for multiple purposes, including to access information and services, many initiatives started working on developing ICT tools to assist migrants to integrate into their new society. Technological tools, however, come with inherent risks, many of which are linked to the processing of personal data of their users. This is especially true for migrants, who are often vulnerable due to their migration status, which is not always secure in the host country. To mitigate these risks, we argue that an expanded data protection impact assessment, analyzing not only the impacts related to data protection, but also to the specific situation of migrants, should be conducted at the outset of any technology development project to influence the development of safe and reliable ICT tools for this target population. A practical example of the application of such an assessment is provided, based on the authors’ experience as legal advisors in the REBUILD project, which is one of the current initiatives in the EU aiming to develop ICT tools for migrant integration.

scholarly journals The Impact of the New European Union General Data Protection Regulation (GDPR) on Data Collection at Mass Gatherings

2019 ◽  
Vol 34 (s1) ◽  
pp. s138-s138
Author(s):  
Annelies Scholliers ◽  
Dimitri De Fré ◽  
Inge D’haese ◽  
Stefan Gogaert
Keyword(s):  
European Union ◽  
Data Collection ◽  
Data Protection ◽  
Scientific Research ◽  
Personal Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Mass Gatherings ◽  
General Data ◽  
The Law

Introduction:As of May 2018, a new European privacy law called the General Data Protection Regulation (GDPR) is in order. With this law, every organization operating in the European Union (EU), needs to adhere to a strict set of rules concerning collection and processing of personal data.Aim:To explore the consequences of the GDPR for data collection at mass gatherings in the European Union.Methods:Since the law was published on April 27, 2016, a thorough reading of the law was conducted by 4 persons with a background in mass gathering health. The GDPR consists of 99 articles organized into 11 chapters. There are also 173 recitals to further explain certain ambiguities. Key articles and recitals relating to healthcare and scientific research were identified. Possible pitfalls and opportunities for data collection and processing at mass gatherings were noted.Discussion:Under article 4, key definitions are noted. There is a clear definition of “data concerning health”. According to the GDPR, health data is a special category of personal data which should not be processed according to article 9(1). However, there is an exception for scientific research (article 9(2)(j)). There are a few safeguards in place, as laid out in article 89. One interesting point is that according to article 89(2), certain derogations can take place if the law interferes with scientific research. The GDPR has major consequences for data collection and processing in the EU. However, with the use of certain safeguards (e.g., pseudonymization) there are still ample opportunities for scientific research. It is important to review one’s method of data collection to make sure it complies with the GDPR.

scholarly journals Web Tracking Under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI

i-com ◽  
2020 ◽  
Vol 19 (1) ◽  
pp. 31-45 ◽  
Author(s):  
Timo Jakobi ◽  
Gunnar Stevens ◽  
Anna-Magdalena Seufert ◽  
Max Becker ◽  
Max von Grafenstein
Keyword(s):  
Data Collection ◽  
Data Protection ◽  
Personal Data ◽  
Practical Relevance ◽  
Member States ◽  
Eu Member States ◽  
Great Uncertainty ◽  
Data Protection Law ◽  
The Web

AbstractThe GDPR regulates at present the handling with personal data fundamentally new and thereby opens new leeway. At the same time, it creates great uncertainty among those affected. One example of this is web tracking: It helps designers to improve the utility and usability of their websites based on, in part, extensive (personal) data collection, or enable operators to finance them. Against this background, in this article we first show the practical relevance of web tracking by collecting the web trackers of the 100 most popular pages of each of the 28 EU member states. Building on this, we show which data these trackers collect and analyze their legal bases. Finally, we discuss possible consequences in design and architecture for fulfilling the legally outlined requirements, taking into account a user’s perspective.

Sign in / Sign up

Export Citation Format

Share Document