Data Portability as a Data Subject Right

2021 ◽  
pp. 159-188
Author(s):  
Helena U. Vrabec
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Narrow Scope ◽  
Right To Be Forgotten ◽  
Data Protection Law ◽  
Data Portability ◽  
The Right ◽  
Data Subject

Chapter 7 analyses the right to data portability set out in Article 20 of the GDPR. It first provides an overview of several commercial and regulatory initiatives that preceded the GDPR version of the right to personal data portability. Next, it explores the language of Article 20 to demonstrate the effects of the narrow scope of the right. The chapter then shows how data portability interacts with other data subject rights, particularly with the right to access and the right to be forgotten, before it describes manifestations of data portability in legal areas outside of the data protection law. Finally, the chapter explores the specific objective of the right to data portability under the GDPR as an enabler of data subjects’ control.

Article 9 Processing of special categories of personal data

2020 ◽  
Author(s):  
Ludmila Georgieva ◽  
Christopher Kuner
Keyword(s):  
Decision Making ◽  
Data Protection ◽  
Personal Data ◽  
Genetic Data ◽  
Biometric Data ◽  
Individual Decision Making ◽  
Vital Interest ◽  
Data Portability ◽  
Definition Of ◽  
Data Subject

Article 4(1) (Definition of personal data); Article 4(2) (Definition of processing); Article 4(11) (Definition of consent); Article 4(13) (Definition of genetic data, see also recital 34); Article 4(14) (Definition of biometric data); Article 4(15) (Definition of data concerning health, see also recital 35); Article 6(4)(c) (Lawfulness of processing, compatibility test) (see too recital 46 on vital interest); Article 13(2)(c) (Information to be provided where personal data are collected from the data subject); Article 17(1)(b), (3)(c) (Right to erasure (‘right to be forgotten’)); Article 20(1)(a) (Right to data portability); Article 22(4) (Automated individual decision-making, including profiling); Article 27(2)(a) (Representatives of controllers or processors not established in the Union); Article 30(5) (Records of processing activities); Article 35(3)(b) (Data protection impact assessment) (see too recital 91); Article 37(1)(c) (Designation of the data protection officer) (see too recital 97); Article 83(5)(a) (General conditions for imposing administrative fines).

The Right of Access under EU Data Protection Law

2021 ◽  
pp. 104-128
Author(s):  
Helena U. Vrabec
Keyword(s):  
Decision Making ◽  
Data Protection ◽  
Shared Data ◽  
The Core ◽  
Data Protection Law ◽  
The Right ◽  
Automated Decision Making ◽  
Right Of Access ◽  
Data Subject ◽  
Core Part

Chapter 5 focuses on Article 15 of the GDPR and explains the scope of the information that can be accessed under the right. The chapter then discusses the importance of the interface to submit data subject access requests. The core part of Chapter 5 is the analysis of the regulatory boundaries of the right of access and various avenues to limit the right, for instance, a conflict with the rights of another individual. Finally, the chapter illustrates how the right of access is applied in the data-driven economy by applying it to three different contexts: shared data, anonymised/pseudonymised data, and automated decision-making.

scholarly journals Right of Access under GDPR and Copyright

2018 ◽  
Vol 12 (2) ◽  
pp. 221-246
Author(s):  
Angela Sobolčiaková
Keyword(s):  
Data Protection ◽  
Copyright Protection ◽  
Personal Data ◽  
Case Law ◽  
Main Question ◽  
The Subject ◽  
The Right ◽  
Access Right ◽  
Right Of Access ◽  
Data Subject

The paper discusses the right to obtain a copy of personal data based on the access right guaranteed in Articles 15 (3) and limited in 15 (4) of the GDPR. Main question is to what extent, the access right provided to data subject under the data protection rules is compatible with copyright. We argue that the subject matter of Article 15 (3) of the GDPR - copy of personal data – may infringe copyright protection of third parties but not a copyright protection attributed to the data controllers.Firstly, because the right of access and copyright may be in certain circumstances incompatible. Secondly, the data controllers are primarily responsible for balancing conflicting rights and neutral balancing exercise could only be applied by the Data Protection Authorities. Thirdly, the case law of the CJEU regarding this issue will need to be developed because the copy as a result of access right may be considered as a new element in data protection law.

The Right to Erasure in EU Data Protection Law

2020 ◽  
Author(s):  
Jef Ausloos
Keyword(s):  
Data Protection ◽  
Fundamental Rights ◽  
Individual Autonomy ◽  
General Data Protection Regulation ◽  
Power Asymmetries ◽  
The Face ◽  
Charter Of Fundamental Rights ◽  
Data Protection Law ◽  
The Right ◽  
Data Subject

This book critically investigates the role of data subject rights in countering information and power asymmetries online. It aims at dissecting ‘data subject empowerment’ in the information society through the lens of the right to erasure (‘right to be forgotten’) in Article 17 of the General Data Protection Regulation (GDPR). In doing so, it provides an extensive analysis of the interaction between the GDPR and the fundamental right to data protection in Article 8 of the Charter of Fundamental Rights of the EU (Charter), how data subject rights affect fair balancing of fundamental rights, and what the practical challenges are to effective data subject rights. The book starts with exploring the data-driven asymmetries that characterize individuals’ relationship with tech giants. These commercial entities increasingly anticipate and govern how people interact with each other and the world around them, affecting core values such as individual autonomy, dignity, and freedom. The book explores how data protection law, and data subject rights in particular, enable resisting, breaking down or at the very least critically engaging with these asymmetric relationships. It concludes that despite substantial legal and practical hurdles, the GDPR’s right to erasure does play a meaningful role in furthering the fundamental right to data protection (Art 8 Charter) in the face of power asymmetries online.

Incomplete Data Protection Law

2014 ◽  
Vol 15 (6) ◽  
pp. 1071-1104
Author(s):  
Kunbei Zhang
Keyword(s):  
Legal System ◽  
Data Protection ◽  
Personal Data ◽  
Tort Liability ◽  
Host Countries ◽  
European Data ◽  
Chinese Perspective ◽  
Data Protection Law ◽  
The Right

The European legal system governing data protection issues is widely regarded as an adequate blueprint for late developers to follow. According to this position, host countries will benefit from receiving the ready-made data protection law because it has already gone through a process of trial and error in Europe. For example, China follows the traditional civil law measures on data protection, such as contractual and tort liability. No Chinese legislation deals specifically with the right to protection of personal data. In China, researchers paid attention to the European legal system, which is regarded as the milestone for data protection. Some vigorously suggest that China should quickly move to enact data protection law based on the model provided by European law.When Chinese researchers strongly promote the European legal system over data protection issues, they send an underlying message that the quality of European laws is good enough to sufficiently deter violations: Individuals would be prohibited from carrying out harmful actions as soon as the expected law is transplanted to China. From a Chinese perspective, our country could quickly move to enact a similar law following the tone of Europe in order to enhance the efficiency of data protection. But is this a compelling position? Will European data protection laws indeed regulate unambiguously and prospectively? Will European data protection laws provide clear guidance to Chinese judges for resolving data protection-related cases? And will the court-enforced laws sufficiently solve the broad spectrum of problems on data use? Understanding the European enforcement mechanism covering data protection issues, and thereby assessing its efficacy on deterrence, is vital to answering these questions.

scholarly journals Gender Transition: Is There a Right to Be Forgotten?

2021 ◽  
Author(s):  
Mónica Correia ◽  
Guilhermina Rêgo ◽  
Rui Nunes
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Health Data ◽  
Information Control ◽  
The European Union ◽  
Gender Transition ◽  
General Data Protection Regulation ◽  
Right To Be Forgotten ◽  
And Gender ◽  
The Right

AbstractThe European Union (EU) faced high risks from personal data proliferation to individuals’ privacy. Legislation has emerged that seeks to articulate all interests at stake, balancing the need for data flow from EU countries with protecting personal data: the General Data Protection Regulation. One of the mechanisms established by this new law to strengthen the individual’s control over their data is the so-called “right to be forgotten”, the right to obtain from the controller the erasure of records. In gender transition, this right represents a powerful form of control over personal data, especially health data that may reveal a gender with which they do not identify and reject. Therefore, it is pertinent to discern whether the right to have personal data deleted—in particular, health data—is ethically acceptable in gender transition. Towards addressing the ethical dimensions of the right to be forgotten in this case, this study presents relevant concepts, briefly outlines history, ethics and law of records considering the evolution from paper to electronic format, the main aspects of identity construction and gender identity, and explores the relationship between privacy, data protection/information control and identity projection. Also, it discusses in gender transition the relation between “the right to self-determination”, “the right to delete”, and “the right to identity and individuality”. Conclusions on the ethical admissibility of the ‘right to be forgotten’ to control gender-affirming information are presented.

scholarly journals Can the Internet Forget? – Rhe Eight to be Forgotten in the EU Law and its Actual Impact on the Internet. Comparison of the Approaches Towards the Notion and Assessment of its Effectiveness

2020 ◽  
Vol 9 (1) ◽  
pp. 86-101
Author(s):  
Aleksandra Gebuza
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The Internet ◽  
Eu Law ◽  
General Data Protection Regulation ◽  
Actual Impact ◽  
Right To Be Forgotten ◽  
General Data ◽  
The Right ◽  
The Eu

AbstractThe main aim of the article is to provide analysis on the notion of the right to be forgotten developed by the CJEU in the ruling Google v. AEPD & Gonzalez and by the General Data Protection Regulation within the context of the processing of personal data on the Internet. The analysis provides the comparison of approach towards the notion between European and American jurisprudence and doctrine, in order to demonstrate the scale of difficulty in applying the concept in practice.

Sign in / Sign up

Export Citation Format

Share Document