European Data Protection Regulation, Journalism, and Traditional Publishers

2019 ◽  
Author(s):  
David Erdos
Keyword(s):  
New Media ◽  
Data Protection ◽  
Freedom Of Expression ◽  
Code Of Conduct ◽  
Academic Disciplines ◽  
General Data Protection Regulation ◽  
European Data ◽  
General Data ◽  
Professional Artists ◽  
Normative Perspective

This book explores the interface between European data protection and the freedom of expression activities of traditional journalism, professional artists, and both academic and non-academic writers from both an empirical and normative perspective. It draws on an exhaustive examination of both historical and contemporary public domain material and a comprehensive questionnaire of European Data Protection Authorities (DPAs). Empirically it is found that, notwithstanding an often confusing statutory landscape, DPAs have sought to develop an approach to regulating the journalistic media based on contextual rights balancing. However, they have struggled to secure a clear and specified criterion of strictness as regards standard-setting or a consistent and reliable approach to enforcement. DPAs have appeared even more confused as regards other traditional publishers, largely abstaining from regulating most professional artists and writers but attempting to subject all academic disciplines to onerous statutory restrictions established for medical, scientific, and related research. From these findings, it is argued that balancing contextual rights has value and should be both generalized across all traditional publishers and systematically and sensitively developed through structured and robust co-regulation. Such co-regulation should adopt the new code of conduct and monitoring provisions included in the General Data Protection Regulation (GDPR) as a broad guideline. DPAs should accord strong deference to any codes and monitoring bodies which verifiably meet the accredited criteria but must engage more proactively when these are absent. In any case, DPAs should also intervene directly as regards particularly serious or systematic issues and have an increasingly important role in ensuring a joined-up approach between traditional publishing and new media activity.

Introduction

2019 ◽  
pp. 3-18
Author(s):  
David Erdos
Keyword(s):  
Data Protection ◽  
Public Discourse ◽  
Freedom Of Expression ◽  
Methodological Approach ◽  
Personal Data ◽  
European Economic Area ◽  
Normative Study ◽  
General Data Protection Regulation ◽  
General Data ◽  
Professional Artists

This chapter introduces the tension between European data protection regulation and freedom of expression, including the heightened form this tension assumes as regards the activity of professional journalists and other traditional publishers. These actors not only play a central role in public discourse but also often possess a disproportionate ability to gather, process, and disseminate personal data. It is therefore important both to examine how these interactions have played out at different times, in different places and contexts, and to consider how they might best evolve across the European Economic Area (EEA) under the new European Union (EU) General Data Protection Regulation (GDPR). The concept of traditional publishers is often equated to professional journalists and the institutional media but should also encompass professional artists and writers including academics. The chapter delineates the scope of this empirical and normative study, explores the key concepts deployed, and elucidates the methodological approach adopted.

‘Non-Journalistic’ Traditional Publishers and Third-Generation European Data Protection Regulation

2019 ◽  
pp. 252-272
Author(s):  
David Erdos
Keyword(s):  
Social Sciences ◽  
Data Protection ◽  
Scientific Research ◽  
Public Knowledge ◽  
Third Generation ◽  
General Data Protection Regulation ◽  
European Data ◽  
The Social ◽  
General Data ◽  
Professional Artists

This chapter explores the interface between data protection and professional artists and (academic and non-academic) writers both in the formal law under the General Data Protection Regulation (GDPR) and in terms of the approach that should be adopted by Data Protection Authorities (DPAs) here. The GDPR mandates that States set down derogations as are ‘necessary’ to reconcile data protection with not only journalism but other special forms of expression, namely artistic, literary, and (in a new departure) academic expression. Moreover, with a few exceptions, States grant all these forms of expression comparable shields within their statutory laws. However, contrary to the GDPR itself, most do not expressly extend these shields to ‘knowledge facilitation’ activities such as scientific research. This could undermine protections for academic expression. It is, therefore, imperative that DPAs adopt a purposive interpretation which ensures that all processing orientated towards contributing to public knowledge or discourse can benefit from these shields even if the activity could also be conceptualized as, for example, scientific research. Nevertheless, DPAs should develop specific standards and an enforcement strategy that recognizes that these shields are qualified. Both should foster co-regulatory engagement. However, co-regulation remains challenging here as a result of the entirely informal nature of norms amongst non-academic artists and writers and the dominance of a biomedical approach within many academic institutions which is alien to the much of the work in the social sciences and the humanities. DPAs will, therefore, need to be proactive rather than reactive in this area.

scholarly journals How Comprehensive Is Chinese Data Protection Law? A Systematisation of Chinese Data Protection Law from a European Perspective

2020 ◽  
Vol 69 (12) ◽  
pp. 1191-1203
Author(s):  
Anja Geller
Keyword(s):  
Data Protection ◽  
European Perspective ◽  
General Development ◽  
General Direction ◽  
General Data Protection Regulation ◽  
Chinese Law ◽  
European Data ◽  
General Data ◽  
Data Protection Law

Abstract In China, there is no unified data protection law similar to the EU’s General Data Protection Regulation (GDPR). As a result, there are many different relevant regulations. Among other things, this makes enforcement and comprehension more difficult. To alleviate this problem and assess the comprehensiveness of Chinese data protection, this article uses the GDPR as a frame to organise and systematise the most important Chinese regulations. Binding and non-binding as well as enacted and draft provisions are included to show the dynamic progress and the general direction of Chinese law. While from a European data protection perspective there still are numerous deficiencies, the general development is positive.

Conclusion

2021 ◽  
pp. 256-260
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Baseline Level ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
Early Stages ◽  
European Data ◽  
General Data ◽  
Data Protection Law

This concluding chapter argues that European data protection law, under the General Data Protection Regulation (GDPR), can and ought to be looked at to play a central role in the protection of genetic privacy in biobanking in Europe. In the first instance, the substantive framework presented by the GDPR already offers an impressive baseline level of protection for genetic privacy. In turn, while numerous problems with this baseline standard of protection are identifiable, the GDPR offers the normative flexibility to accommodate solutions to these problems, as well as the procedural mechanisms to facilitate the realisation of solutions. The interaction between GDPR and biobanking is still, however, in the early stages. Whether this potential is realised now depends on the decisions and actions of regulatory stakeholders in the biobanking space. Their decisions have the potential to optimise or undermine the GDPR as a system for the protection of genetic privacy in biobanking. The biobanking community also have consequential choices as to how they perceive and operationalise the GDPR.

The Future Shape of European Data Protection Regulation and Professional Journalism

2019 ◽  
pp. 182-206
Author(s):  
David Erdos
Keyword(s):  
Data Protection ◽  
News Media ◽  
Information Exchange ◽  
Resource Constraints ◽  
Code Of Conduct ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Media Regulation ◽  
European Data ◽  
Regulatory Approach

This chapter explores the approach European Data Protection Authorities (DPAs) should take to their role vis-à-vis the professional journalistic media under the General Data Protection Regulation (GDPR). Such an approach must take into account the contextual trend within European Court of Human Rights case law, the growth of a stricter Court of Justice of the European Union data protection jurisprudence, and continuing severe resource constraints. In the area of standards, DPAs should endorse a broad construction of the journalistic derogation that encompasses news/media archives but should also promote a specific and structured approach to contextual balancing within this derogation. Such detailed standard-setting raises acute sensitivities. Therefore, guidance should be formulated through a co-regulatory process which adopts the GDPR’s code of conduct provisions as a broad guideline. Enforcement remains even more delicate, potentially very expensive, but nevertheless vital. A strategic co-regulatory approach is appropriate here too. DPAs should encourage self-regulatory monitoring mechanisms and, in cases where these meet the criteria laid down in the GDPR, should defer to them other than when particular systematic or serious issues arise. If such criteria are not satisfied, DPAs need to deploy their powers proactively across the board. Finally, where no self-regulatory mechanism exists, DPAs must independently ensure a proportionate response to all complaints and issues that arise. Media regulation rightly remains largely within State jurisdiction. Therefore, the European Data Protection Regulation should avoid coercive intervention here. Nevertheless, it should play a valuable ʻsoftʼ role through drafting non-binding guidance and promoting information exchange, dialogue, and cooperation.

Do We Need Data Protection at All?

2021 ◽  
pp. 91-128
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Thought Experiment ◽  
Legal Systems ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
European Data ◽  
Viable Solution ◽  
General Data ◽  
Data Protection Law ◽  
The Uk

This chapter assesses whether there is any need to consider European data protection law as a framework for the protection of genetic privacy in biobanking in Europe at all. To answer the question, the chapter conducts a thought experiment and examines what the standard of protection in Europe would look like if one were to exclude data protection law from consideration. This is merely a thought experiment, as data protection already plays, and will continue to play, a significant role in the protection of genetic privacy in biobanking in Europe. The exercise is enlightening, however, in showing the extent of flaws in protection in European legal systems stripped of data protection. In this regard, the chapter then maps the protection provided to genetic privacy in biobanking by the EU's, and three European states'—Estonia, Germany, and the UK—legal systems. It then engages in a critical analysis, highlighting the significant inadequacy of the protection provided by these systems excluding data protection law. Finally, the chapter shows why, generally, European data protection law under the General Data Protection Regulation (GDPR) looks a viable solution to address the problems displayed by other approaches.

The benefits and challenges of general data protection regulation for the information technology sector

2019 ◽  
Vol 21 (5) ◽  
pp. 510-524 ◽  
Author(s):  
Nazar Poritskiy ◽  
Flávio Oliveira ◽  
Fernando Almeida
Keyword(s):  
Information Technology ◽  
Data Protection ◽  
The State ◽  
Quantitative Methodology ◽  
Content Type ◽  
General Data Protection Regulation ◽  
European Data ◽  
General Data ◽  
The Right ◽  
The Impact

PurposeThe implementation of European data protection is a challenge for businesses and has imposed legal, technical and organizational changes for companies. This study aims to explore the benefits and challenges that companies operating in the information technology (IT) sector have experienced in applying the European data protection. Additionally, this study aims to explore whether the benefits and challenges faced by these companies were different considering their dimension and the state of implementation of the regulation.Design/methodology/approachThis study adopts a quantitative methodology, based on a survey conducted with Portuguese IT companies. The survey is composed of 30 questions divided into three sections, namely, control data; assessment; and benefits and challenges. The survey was created on Google Drive and distributed among Portuguese IT companies between March and April of 2019. The data were analyzed using the Stata software using descriptive and inferential analysis techniques using the ANOVA one-way test.FindingsA total of 286 responses were received. The main benefits identified by the application of European data protection include increased confidence and legal clarification. On the other hand, the main challenges include the execution of audits to systems and processes and the application of the right to erasure. The findings allow us to conclude that the state of implementation of the general data protection regulation (GDPR), and the type of company are discriminating factors in the perception of benefits and challenges.Research limitations/implicationsThis study has essentially practical implications. Based on the synthesis of the benefits and challenges posed by the adoption of European data protection, it is possible to assess the relative importance and impact of the benefits and challenges faced by companies in the IT sector. However, this study does not explore the type of challenges that are placed at each stage of the adoption of European data protection and does not take into account the specificities of the activities carried out by each of these companies.Originality/valueThe implementation of the GDPR is still in an initial phase. This study is pioneering in synthesizing the main benefits and challenges of its adoption considering the companies operating in the IT sector. Furthermore, this study explores the impact of the size of the company and the status of implementation of the GDPR on the perception of the established benefits and challenges.

scholarly journals Adtech and Real-Time Bidding under European Data Protection Law

2021 ◽  
Author(s):  
Michael Veale ◽  
Frederik Zuiderveen Borgesius
Keyword(s):  
Real Time ◽  
Data Protection ◽  
Mobile Applications ◽  
Security Requirements ◽  
Legal Basis ◽  
General Data Protection Regulation ◽  
European Data ◽  
Prior Consent ◽  
General Data ◽  
Data Protection Law

This paper discusses the troubled relationship between contemporary advertising technology (adtech) systems, in particular systems of real-time bidding (RTB, also known as programmatic advertising) underpinning much behavioural targeting on the web and through mobile applications. This paper analyses the extent to which practices of RTB are compatible with the requirements regarding (i) a legal basis for processing, transparency, and security in European data protection law. We first introduce the technologies at play through explaining and analysing the systems deployed online today. Following that, we turn to the law. Rather than analyse RTB against every provision of the General Data Protection Regulation (GDPR), we consider RTB in the context of the GDPR’s requirement of a legal basis for processing and the GDPR’s transparency and security requirements. We show, first, that the GDPR requires prior consent of the internet user for RTB, as other legal bases are not appropriate. Second, we show that it is difficult – and perhaps impossible – for website publishers and RTB companies to meet the GDPR’s transparency requirements. Third, RTB incentivises insecure data processing. We conclude that, in concept and in practice, RTB is structurally difficult to reconcile with European data protection law. Therefore, intervention by regulators is necessary.

Sign in / Sign up

Export Citation Format

Share Document