Foundations of Data Protection Law

2020 ◽  
pp. 37-116
Author(s):  
Jef Ausloos
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
Historical Overview ◽  
Legislative History ◽  
Ex Post ◽  
Technological Developments ◽  
Data Protection Law ◽  
Fundamental Rights And Freedoms ◽  
The Right

Chapter 2 lays the groundwork for the rest of the book, clearly delineating the fundamental right to data protection, its relation to the GDPR, and the right to erasure in it. The historical overview demonstrates that the emergence of data protection is inherently tied to technological developments and how these may amplify power asymmetries. It is also made clear that informational self-determination or control over personal data lies at the heart of the fundamental right to data protection as proclaimed in Article 8 Charter. This is a clear difference with the GDPR that has a much wider prerogative, ie protecting all fundamental rights and freedoms whenever personal data is being processed. Put differently, whereas Article 8 Charter safeguards a minimum level of control over one’s personal data, the GDPR installs a fair balancing framework that safeguards any and all fundamental rights and freedoms as they are affected by the processing of personal data. The substantive provisions of the GDPR can be divided into four categories along the lines of ex ante v ex post and protective v empowerment measures (see data protection matrix). This chapter ends with positioning the right to erasure within the GDPR’s arsenal of ex post empowerment measures, describing its legislative history as well as its main benefits and drawbacks.

Balancing in the GDPR

2020 ◽  
pp. 277-330
Author(s):  
Jef Ausloos
Keyword(s):  
Iterative Process ◽  
Personal Data ◽  
Fundamental Rights ◽  
Clear Cut ◽  
Ex Post ◽  
Fundamental Rights And Freedoms ◽  
Basic Infrastructure ◽  
The Right ◽  
Data Subject ◽  
Conflicts Of Rights

This chapter takes a step back and looks at fair balancing acts induced by invoking the right to erasure. It starts with comparing balancing of fundamental rights and freedoms in the Charter with balancing in the GDPR. Indeed, it re-emphasizes how the GDPR as a whole, essentially constitutes a framework for fair balancing of rights, freedoms, and interests in the context of personal data processing. The chapter then lays out the actual blueprint for such fair balancing in the GDPR. It becomes clear how fair balancing in the GDPR is an iterative process, with ex ante and ex post balancing acts. The former need to be performed before processing initiates, and the latter refer to subsequent balances as triggered by data subject rights for example. Overall, the very nature of fair balancing does not allow for clear-cut, categorical answers to conflicts of rights, freedoms, and/or interests. Instead the GDPR should be looked at as defining the basic infrastructure for ensuring fair balancing, further to be refined by relevant stakeholders. This can notably happen through standards or certification mechanisms, guidance by authorities, and by controllers themselves.

Enhancing Compliance under the General Data Protection Regulation: The Risky Upshot of the Accountability- and Risk-based Approach

2018 ◽  
Vol 9 (3) ◽  
pp. 502-526 ◽  
Author(s):  
Claudia QUELLE
Keyword(s):  
Data Protection ◽  
Fundamental Rights ◽  
New Approach ◽  
General Data Protection Regulation ◽  
Legal Norms ◽  
Improve Compliance ◽  
Rules And Principles ◽  
General Data ◽  
Data Protection Law ◽  
Fundamental Rights And Freedoms

The risk-based approach has been introduced to the General Data Protection Regulation (GDPR) to make the rules and principles of data protection law “work better”. Organisations are required to calibrate the legal norms in the GDPR with an eye to the risks posed to the rights and freedoms of individuals. This article is devoted to an analysis of the way in which this new approach relates to “tick-box” compliance. How can the law enhance itself? If handled properly by controllers and supervisory authorities, the risk-based approach can bring about a valuable shift in data protection towards substantive protection of fundamental rights and freedoms. While the risk-based approach has a lot of potential, it also has a risk of its own: it relies on controllers to improve compliance, formulating what it means to attain compliance 2.0.

scholarly journals The HES-code and the data protection during COVID-19 pandemic in Turkey

Bioethica ◽  
2021 ◽  
Vol 7 (2) ◽  
pp. 69
Author(s):  
Sabah Mine Cangil
Keyword(s):  
Data Protection ◽  
Mobile Applications ◽  
Personal Data ◽  
Health Data ◽  
Fundamental Rights ◽  
Legal Issues ◽  
Legal Problems ◽  
Fundamental Rights And Freedoms ◽  
The Individual

Mobile applications are a beneficial tool to fight the coronavirus. With the mobile tracing applications, it became easier to cut the chain of transmission of the virus and reduce the number of daily cases. Many countries developed their applications and made them available to their citizens. While using these applications, it is necessary to protect the fundamental rights and freedoms of the individual. This frequent processing of individuals' health data has created legal problems regarding the protection of personal data. The purpose of this paper is to present a study on the Turkish Covid-19 tracing application “Hayat Eve Sığar-HES” and the legal issues behind the application. 

The Right to Erasure in EU Data Protection Law

2020 ◽  
Author(s):  
Jef Ausloos
Keyword(s):  
Data Protection ◽  
Fundamental Rights ◽  
Individual Autonomy ◽  
General Data Protection Regulation ◽  
Power Asymmetries ◽  
The Face ◽  
Charter Of Fundamental Rights ◽  
Data Protection Law ◽  
The Right ◽  
Data Subject

This book critically investigates the role of data subject rights in countering information and power asymmetries online. It aims at dissecting ‘data subject empowerment’ in the information society through the lens of the right to erasure (‘right to be forgotten’) in Article 17 of the General Data Protection Regulation (GDPR). In doing so, it provides an extensive analysis of the interaction between the GDPR and the fundamental right to data protection in Article 8 of the Charter of Fundamental Rights of the EU (Charter), how data subject rights affect fair balancing of fundamental rights, and what the practical challenges are to effective data subject rights. The book starts with exploring the data-driven asymmetries that characterize individuals’ relationship with tech giants. These commercial entities increasingly anticipate and govern how people interact with each other and the world around them, affecting core values such as individual autonomy, dignity, and freedom. The book explores how data protection law, and data subject rights in particular, enable resisting, breaking down or at the very least critically engaging with these asymmetric relationships. It concludes that despite substantial legal and practical hurdles, the GDPR’s right to erasure does play a meaningful role in furthering the fundamental right to data protection (Art 8 Charter) in the face of power asymmetries online.

Incomplete Data Protection Law

2014 ◽  
Vol 15 (6) ◽  
pp. 1071-1104
Author(s):  
Kunbei Zhang
Keyword(s):  
Legal System ◽  
Data Protection ◽  
Personal Data ◽  
Tort Liability ◽  
Host Countries ◽  
European Data ◽  
Chinese Perspective ◽  
Data Protection Law ◽  
The Right

The European legal system governing data protection issues is widely regarded as an adequate blueprint for late developers to follow. According to this position, host countries will benefit from receiving the ready-made data protection law because it has already gone through a process of trial and error in Europe. For example, China follows the traditional civil law measures on data protection, such as contractual and tort liability. No Chinese legislation deals specifically with the right to protection of personal data. In China, researchers paid attention to the European legal system, which is regarded as the milestone for data protection. Some vigorously suggest that China should quickly move to enact data protection law based on the model provided by European law.When Chinese researchers strongly promote the European legal system over data protection issues, they send an underlying message that the quality of European laws is good enough to sufficiently deter violations: Individuals would be prohibited from carrying out harmful actions as soon as the expected law is transplanted to China. From a Chinese perspective, our country could quickly move to enact a similar law following the tone of Europe in order to enhance the efficiency of data protection. But is this a compelling position? Will European data protection laws indeed regulate unambiguously and prospectively? Will European data protection laws provide clear guidance to Chinese judges for resolving data protection-related cases? And will the court-enforced laws sufficiently solve the broad spectrum of problems on data use? Understanding the European enforcement mechanism covering data protection issues, and thereby assessing its efficacy on deterrence, is vital to answering these questions.

Data Portability as a Data Subject Right

2021 ◽  
pp. 159-188
Author(s):  
Helena U. Vrabec
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Narrow Scope ◽  
Right To Be Forgotten ◽  
Data Protection Law ◽  
Data Portability ◽  
The Right ◽  
Data Subject

Chapter 7 analyses the right to data portability set out in Article 20 of the GDPR. It first provides an overview of several commercial and regulatory initiatives that preceded the GDPR version of the right to personal data portability. Next, it explores the language of Article 20 to demonstrate the effects of the narrow scope of the right. The chapter then shows how data portability interacts with other data subject rights, particularly with the right to access and the right to be forgotten, before it describes manifestations of data portability in legal areas outside of the data protection law. Finally, the chapter explores the specific objective of the right to data portability under the GDPR as an enabler of data subjects’ control.

Der Schutz personenbezogener Daten eines Whistleblowers in der Europäischen Kommission

2021 ◽  
Author(s):  
Christoph Aust
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Current Data ◽  
Fundamental Rights ◽  
Law Firms ◽  
The European Union ◽  
Doctoral Thesis ◽  
Data Protection Law ◽  
Definition Of

The doctoral thesis explains what is meant by “whistleblowing” and examines the conditions under which such behavior is legally protected at the level of the European Union. A definition of whistleblowing is derived from the fundamental rights of the European Union. In addition, taking into account current data protection developments, in particular the GDPR, the protection of the personal data of a whistleblower is comprehensively assessed. The author has been active in the field of data protection law for years and worked as a legal trainee at the Hamburg data protection officer and various law firms with a focus on IT law and data protection law.

scholarly journals The Right to Privacy—A Fundamental Right in Search of Its Identity: Uncovering the CJEU’s Flawed Concept of the Right to Privacy

2019 ◽  
Vol 20 (05) ◽  
pp. 722-733 ◽  
Author(s):  
Valentin M. Pfisterer
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
The Political ◽  
Strong Impact ◽  
Right To Privacy ◽  
Eu Member States ◽  
The Right To Privacy ◽  
The Right ◽  
The Eu

AbstractIn recent years, the CJEU has impressively brought to bear the protection of the fundamental rights to privacy and protection of personal data as contained in the CFREU. The Court’s decisions in the Digital Rights, Schrems, Tele2, and PNR cases have reshaped the political and legal landscape in Europe and beyond. By restricting the powers of the governments of EU Member States and annulling legislative acts enacted by the EU legislator, the decisions had, and continue to have, effects well beyond the respective individual cases. Despite their strong impact on privacy and data protection across Europe, however, these landmark decisions reveal a number of flaws and inconsistencies in the conceptualization of the rights to privacy and protection of personal data as endorsed and interpreted by the CJEU. This Article identifies and discusses some of the shortcomings revealed in the recent CJEU privacy and data protection landmark decisions and proposes to the CJEU a strategy aimed at resolving these shortcomings going forward.

Bridge Is Down, Data Truck Can’t Get Through …

2017 ◽  
Author(s):  
Oreste Pollicino ◽  
Marco Bassini
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Private Life ◽  
Fundamental Rights ◽  
The European Union ◽  
Technological Environment ◽  
Court Of Justice ◽  
The Us ◽  
Charter Of Fundamental Rights ◽  
The Right

The decision of the Court of Justice in Schrems follows the Digital Rights Ireland and Google Spain stances in the Court process of revisiting the data protection framework in Europe in light of the Charter of Fundamental Rights of the European Union. Through the invalidation of Decision 2000/520/EC of the Commission on the adequacy of the US safe harbor principles, the Court of Justice has relied on a very extensive interpretation of the right to private life and data protection. As in the former decisions that have let emerge the existence of a new digital right to privacy, this judgment mirrors some degree of manipulation by the Court of Justice, justified by the goal of protecting as much as possible personal data in the new technological environment.

scholarly journals Data Portability and Data Control: Lessons for an Emerging Concept in EU Law

2018 ◽  
Vol 19 (6) ◽  
pp. 1359-1398 ◽  
Author(s):  
Inge Graef ◽  
Martin Husovec ◽  
Nadezhda Purtova
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
General Purpose ◽  
Current Data ◽  
Fundamental Rights ◽  
Eu Law ◽  
General Data Protection Regulation ◽  
Data Control ◽  
Data Portability ◽  
The Right

AbstractThe right to data portability (RtDP) introduced by Article 20 of the General Data Protection Regulation (GDPR) forms a regulatory innovation within EU law. The RtDP provides data subjects with the possibility to transfer personal data among data controllers, but has an impact beyond data protection. In particular, the RtDP facilitates the reuse of personal data that private companies hold by establishing a general-purpose control mechanism of horizontal application. Article 20 of the GDPR is agnostic about the type of use that follows from the ported data and its further diffusion. We argue that the RtDP does not fit well with the fundamental rights nature of data protection law, and should instead be seen as a new regulatory tool in EU law that aims to stimulate competition and innovation in data-driven markets.What remains unclear is the extent to which the RtDP will be limited in its aspirations where intellectual property rights of current data holders—such as copyright, trade secrets andsui generisdatabase rights—cause the regimes to clash. In such cases, a reconciliation of the interests might particularly confine the follow-on use of ported data again to specific set of socially justifiable purposes, possibly with schemes of fair remuneration. Despite these uncertainties, the RtDP is already being replicated in other fields, namely consumer protection law and the regulation of non-personal data. Competition law can also facilitate portability of data, but only for purpose-specific goals with the aim of addressing anticompetitive behavior.We conclude that to the extent that other regimes will try to replicate the RtDP, they should closely consider the nature of the resulting control and its breadth and impact on incentives to innovate. In any case, the creation of data portability regimes should not become an end in itself. With an increasing number of instruments, orchestrating the consistency of legal regimes within the Digital Single Market and their mutual interplay should become an equally important concern.

Sign in / Sign up

Export Citation Format

Share Document