Developing an Inspection Checklist for the Adequacy Assessment of Software Systems to Quality Attributes of the Brazilian General Data Protection Law: An Initial Proposal

2021
Author(s):
João Mendes
Davi Viana
Luis Rivero

Author(s):
Raphaël Gellert

The main goal of this book is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”, an expression that came to the fore during the overhaul process of the EU’s General Data Protection Regulation (GDPR)—even though it can also be found in other statutes under different acceptations. At its core it consists in endowing the regulated organisations that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. It addresses this topic from various perspectives. In framing the risk-based approach as the latest model of a series of regulation models, the book provides an analysis of data protection law from the perspective of regulation theory as well as risk and risk management literatures, and their mutual interlinkages. Further, it provides an overview of the policy developments that led to the adoption of such an approach, which it discusses in the light of regulation theory. It also includes various discussions pertaining to the risk-based approach’s scope and meaning, to the way it has been uptaken in statutes including key provisions such as accountability and data protection impact assessments, or to its potential and limitations. Finally, it analyses how the risk-based approach can be implemented in practice by providing technical analyses of various data protection risk management methodologies.


Author(s):  
Dara Hallinan

Biobanks are critical infrastructure for medical research. Biobanks, however, are also the subject of considerable ethical and legal uncertainty. Given that biobanks process large quantities of genomic data, questions have emerged as to how genetic privacy should be protected. What types of genetic privacy rights and rights holders should be protected and to what extent? Since 25 May 2018, the General Data Protection Regulation (GDPR) has applied and now occupies a key position in the European legal framework for the regulation of biobanking. This book takes an in-depth look at the function, problems, and opportunities presented by European data protection law under the GDPR as a framework for the protection of genetic privacy in biobanking. It argues that the substantive framework presented by the GDPR already offers an admirable baseline level of protection for the range of genetic privacy rights engaged by biobanking. The book further contends that while numerous problems with this standard of protection are indeed identifiable, the GDPR offers the flexibility to accommodate solutions to these problems, as well as the procedural mechanisms to realise these solutions.


2021
pp. 77-91
Author(s):  
Kieron O’Hara

This chapter describes the Brussels Bourgeois Internet. The ideal consists of positive, managed liberty where rights of others are respected, as in the bourgeois public space, where liberty follows only when rights are secured. The exemplar of this approach is the European Union, which uses administrative means, soft law, and regulation to project its vision across the Internet. Privacy and data protection have become the most emblematic struggles. Under the Data Protection Directive of 1995, the European Union developed data-protection law and numerous privacy rights, including a right to be forgotten, won in a case against Google Spain in 2014, the arguments about which are dissected. The General Data Protection Regulation (GDPR) followed in 2018, amplifying this approach. GDPR is having the effect of enforcing European data-protection law on international players (the ‘Brussels effect’), while the European Union over the years has developed unmatched expertise in data-protection law.


2018
Vol 9 (3)
pp. 502-526
Author(s):  
Claudia QUELLE

The risk-based approach has been introduced to the General Data Protection Regulation (GDPR) to make the rules and principles of data protection law “work better”. Organisations are required to calibrate the legal norms in the GDPR with an eye to the risks posed to the rights and freedoms of individuals. This article is devoted to an analysis of the way in which this new approach relates to “tick-box” compliance. How can the law enhance itself? If handled properly by controllers and supervisory authorities, the risk-based approach can bring about a valuable shift in data protection towards substantive protection of fundamental rights and freedoms. While the risk-based approach has a lot of potential, it also has a risk of its own: it relies on controllers to improve compliance, formulating what it means to attain compliance 2.0.


Author(s):  
Peter Hustinx

This chapter looks at the origins and the current state of EU data protection law, and highlights the context of the ongoing review of Directive 95/46/EC as its key instrument, as well as the main lines of the proposed General Data Protection Regulation which will replace the Directive in the near future. The analysis shows a gradual development along two lines: one aiming at stronger rights in order to provide more effective protection, and one ensuring more consistent application of those rights across the EU. It also demonstrates the increasing impact of the Charter of Fundamental Rights, both in the case law of the Court of Justice and in the review of the legal framework. At the same time, it is argued that a lack of awareness of the difference in character between Articles 7 and 8 of the Charter could prevent Article 8 from reaching its full potential.


2020
Vol 69 (12)
pp. 1191-1203
Author(s):  
Anja Geller

In China, there is no unified data protection law similar to the EU’s General Data Protection Regulation (GDPR). As a result, there are many different relevant regulations. Among other things, this makes enforcement and comprehension more difficult. To alleviate this problem and assess the comprehensiveness of Chinese data protection, this article uses the GDPR as a frame to organise and systematise the most important Chinese regulations. Binding and non-binding as well as enacted and draft provisions are included to show the dynamic progress and the general direction of Chinese law. While from a European data protection perspective there still are numerous deficiencies, the general development is positive.


2019

The conference transcript deals with current challenges facing the legal fields of intellectual property, media, competition and data protection law, primarily due to technical developments and the resulting changes in legislation. Examples of this are artificial intelligence systems that call into question essential principles of current patent and copyright law. However, it also deals with questions concerning the legal classification of search engines, social bots and other internet intermediaries, as well as questions of the data protection requirements for bloggers, street photographers and credit scoring, which need to be clarified in particular by the new General Data Protection Regulation. The book also focuses on the regulatory options for "Industry 4.0" data markets and the new directive on copyright in the digital single market. With contributions by Stefan Papastefanou, David Linke, Katrin Giere and Dorothea Heilmann, Azim Semizoglu, Hanno Magnus, Jens Milker, Stefan Michel, Katharina Wunner, André Reinelt, David Kleß, Tobias Endrich-Laimböck, Justus Duhnkrack, Susan Bischoff


2021
Vol 20
pp. e3220
Author(s):  
Cristiane Krüger
Adriana Cristina Castanho Baldassari
Luis Felipe Dias Lopes
Lizana Ilha da Silva

Technological advances make it possible to quickly access and share personal data and information, which demands greater security and requires conscious attitudes from the different professionals who deal with these issues. Accounting professionals stand out in this universe for being responsible for customer, supplier, and employee data. The information insecurity scenario led to the creation of the General Data Protection Law (GDPL), a specific legislation for personal data handling. Driven by this context, this research aimed to analyze the GDPL compliance determinants among accounting professionals. In order to achieve this purpose, we conducted a quantitative, descriptive, survey study. For data collection, we developed and applied an online questionnaire addressed to accounting professionals. The final surveyed sample totaled 194 respondents. We performed the data analysis through Structural Equation Modeling. The validated model showed the dimensions of personal behaviors and attitudes and governance mechanisms as determinants, explaining 26.3% of GDPL compliance. This research contributes to the understanding of behavioral aspects of accounting professionals in the face of the new legislation. It is an unprecedented approach and fills a gap in the accounting area, presenting useful contributions for educational institutions, class associations, and companies in the area.


2019
Vol 15 (2)
pp. 162-176
Author(s):  
Orla Lynskey

This paper examines the application of the latest iterations of EU data protection law – in the General Data Protection Regulation, the Law Enforcement Directive and the jurisprudence of the Court of Justice of the EU – to the use of predictive policing technologies. It suggests that the protection offered by this legal framework to those impacted by predictive policing technologies is, at best, precarious. Whether predictive policing technologies fall within the scope of the data protection rules is uncertain, even in light of the expansive interpretation of these rules by the Court of Justice of the EU. Such a determination would require a context-specific assessment that individuals will be ill-placed to conduct. Moreover, even should the rules apply, the substantive protection offered by the prohibition against automated decision-making can be easily sidestepped and is subject to significant caveats. Again, this points to the conclusion that the protection offered by this framework may be more illusory than real. This being so, there are some fundamental questions to be answered – including the question of whether we should be building predictive policing technologies at all.


Author(s):  
Antonio de Paula Pedrosa
José Cristiano Pereira
Marcelo Póvoas
Davi da Fonseca Vieira Junior Marinato
Matheus Bastos de Almeida Bastos
...  
