Blockchain can both enhance and undermine compliance but is not inherently at odds with EU privacy laws

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Lokke Moerel ◽  
Marijn Storm
Keyword(s):  
Data Protection ◽  
Design Methodology ◽  
New Technology ◽  
Extensive Experience ◽  
Content Type ◽  
General Data Protection Regulation ◽  
Blockchain Technology ◽  
Privacy Laws ◽  
General Data ◽  
The Eu

Purpose To explain the authors’ position that the use of blockchain technology is not incompatible with European Union privacy laws and in particular the EU General Data Protection Regulation (GDPR). Design/methodology/approach Explains the basics of blockchain technology and the GDPR, several reasons why some scholars consider BC not to be compatible with the GDPR, and why the authors believe that the GDPR will be able to regulate the use of blockchain technology. Findings The current perception is that blockchain is not compatible with EU privacy laws. The authors disagree that this is the case and explain why none of the issues identified by legal scholars and stakeholders are likely to pose issues for blockchain technology. Their conclusion is that EU privacy laws are well able to regulate also this new technology. This does however not mean that blockchain will thus be suitable for all use and deployment cases. Originality/value Practical guidance and explanation of complex issues by lawyers with extensive experience and expertise in dealing with data protection, cybersecurity, privacy, intellectual property and related issues.

Brexit will not defy EU data protection gold standard

2017 ◽  
Keyword(s):  
Data Protection ◽  
Gold Standard ◽  
Content Type ◽  
General Data Protection Regulation ◽  
General Data ◽  
Uk Government ◽  
The Uk ◽  
The Eu

Subject Data protection and Brexit. Significance On August 7 the UK government announced plans to unveil by year-end a Data Protection Bill to transfer into UK law the EU General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. Impacts Large UK-based businesses have been preparing for the GDPR, but smaller ones have not and are unlikely to be compliant by the deadline. To reduce the risk to business, the UK government may seek to include GDPR compliance in any Brexit transition agreement. Although perfect ‘cyber resilience’ is impossible, demand for such services will increase.

A Layered Approach to Jurisdiction

2017 ◽  
Author(s):  
Dan Jerker B. Svantesson
Keyword(s):  
Data Protection ◽  
Data Privacy ◽  
General Data Protection Regulation ◽  
Legal Rules ◽  
Privacy Laws ◽  
Scope Of Application ◽  
General Data ◽  
Layered Approach ◽  
Substantive Law

This chapter observes how it may be inappropriate to apply a single jurisdictional threshold to diverse instruments such as data privacy laws. In the light of this observation, a proposal is outlined for a ‘layered approach’ under which the substantive law rules of such instruments are broken up into different layers, with different jurisdictional thresholds applied to each such layer. This layered approach is discussed primarily as a technique to be utilized in legal drafting, but it may also be applied in the interpretation and application of legal rules. Article 3 of the European Union’s General Data Protection Regulation, which determines that regulation’s scope of application in a territorial sense, provides a particularly useful lens through which to approach this topic and, thus, the discussion is largely centred around that Article.

scholarly journals The EU General Data Protection Regulation (GDPR)

2020 ◽  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Privacy Regulation ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Ongoing Work ◽  
Protection Legislation ◽  
Recent Reform ◽  
General Data ◽  
The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

scholarly journals The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽  
2020 ◽  
Vol 114 ◽  
pp. 5-9 ◽  
Author(s):  
Cedric Ryngaert ◽  
Mistale Taylor
Keyword(s):  
International Law ◽  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Protection Legislation ◽  
General Data ◽  
Global Data ◽  
The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

The ethics of “smart” advertising and regulatory initiatives in the consumer intelligence industry

Info ◽  
2014 ◽  
Vol 16 (3) ◽  
pp. 22-39 ◽  
Author(s):  
Rachel L. Finn ◽  
Kush Wadhwa
Keyword(s):  
Data Protection ◽  
Ethical Issues ◽  
Mobile Media ◽  
Media Environment ◽  
Content Type ◽  
General Data Protection Regulation ◽  
Smart Surveillance ◽  
The Us ◽  
General Data ◽  
Consumer Intelligence

Purpose – This paper aims to study the ethics of “smart” advertising and regulatory initiatives in the consumer intelligence industry. Increasingly, online behavioural advertising strategies, especially in the mobile media environment, are being integrated with other existing and emerging technologies to create new techniques based on “smart” surveillance practices. These “smart” surveillance practices have ethical impacts including identifiability, inequality, a chilling effect, the objectification, exploitation and manipulation of consumers as well as information asymmetries. This article examines three regulatory initiatives – privacy-by-design considerations, the proposed General Data Protection Regulation of the EU and the US Do-Not-Track Online Act of 2013 – that have sought to address the privacy and data protection issues associated with these practices. Design/methodology/approach – The authors performed a critical literature review of academic, grey and journalistic publications surrounding behavioural advertising to identify the capabilities of existing and emerging advertising practices and their potential ethical impacts. This information was used to explore how well-proposed regulatory mechanisms might address current and emerging ethical and privacy issues in the emerging mobile media environment. Findings – The article concludes that all three regulatory initiatives fall short of providing adequate consumer and citizen protection in relation to online behavioural advertising as well as “smart” advertising. Originality/value – The article demonstrates that existing and proposed regulatory initiatives need to be amended to provide adequate citizen protection and describes how a focus on privacy and data protection does not address all of the ethical issues raised.

scholarly journals To What Extent Does the EU General Data Protection Regulation (GDPR) Apply to Citizen Scientist-Led Health Research with Mobile Devices?

2020 ◽  
Vol 48 (S1) ◽  
pp. 187-195
Author(s):  
Edward S. Dove ◽  
Jiahong Chen
Keyword(s):  
Mobile Devices ◽  
Data Protection ◽  
Health Research ◽  
Health Data ◽  
Specific Context ◽  
General Data Protection Regulation ◽  
Citizen Scientist ◽  
Open Questions ◽  
General Data ◽  
The Eu

In this article, we consider the possible application of the European General Data Protection Regulation (GDPR) to “citizen scientist”-led health research with mobile devices. We argue that the GDPR likely does cover this activity, depending on the specific context and the territorial scope. Remaining open questions that result from our analysis lead us to call for lex specialis that would provide greater clarity and certainty regarding the processing of health data by for research purposes, including these non-traditional researchers.

Analysis of the US Privacy Model

2019 ◽  
Vol 3 (1) ◽  
pp. 43-52
Author(s):  
Francisco García Martínez
Keyword(s):  
Data Privacy ◽  
Personal Information ◽  
National Level ◽  
The United States ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Privacy Laws ◽  
The Us ◽  
General Data ◽  
The Eu

The creation of the General Data Protection Regulation (GDPR) constituted an enormous advance in data privacy, empowering the online consumers, who were doomed to the complete loss of control of their personal information. Although it may first seem that it only affects companies within the European Union, the regulation clearly states that every company who has businesses in the EU must be compliant with the GDPR. Other non-EU countries, like the United States, have seen the benefits of the GDPR and are already developing their own privacy laws. In this article, the most important updates introduced by the GDPR concerning US corporations will be discussed, as well as how American companies can become compliant with the regulation. Besides, a comparison between the GDPR and the state of art of privacy in the US will be presented, highlighting similarities and disparities at the national level and in states of particular interest.

International Organizations and the EU General Data Protection Regulation

2019 ◽  
Vol 16 (1) ◽  
pp. 158-191 ◽  
Author(s):  
Christopher Kuner
Keyword(s):  
International Law ◽  
International Organizations ◽  
Data Protection ◽  
Personal Data ◽  
Eu Law ◽  
Protection Measures ◽  
General Data Protection Regulation ◽  
General Data ◽  
High Level ◽  
The Eu

The importance of personal data processing for international organizations (‘IOs’) demonstrates the need for them to implement data protection in their work. The EU General Data Protection Regulation (‘GDPR’) will be influential around the world, and will impact IOs as well. Its application to them should be determined under relevant principles of EU law and public international law, and it should be interpreted consistently with the international obligations of the EU and its Member States. However, IOs should implement data protection measures regardless of whether the GDPR applies to them in a legal sense. There is a need for EU law and international law to take each other better into account, so that IOs can enjoy their privileges and immunities also with regard to EU law and avoid conflicts with international law, while still providing a high level of data protection in their operations.

Sign in / Sign up

Export Citation Format

Share Document