Data Protection, Genetics and Patents for Biotechnology

AbstractThis paper has three parts. In Part One, we argue that while biological samples and genetic information extracted from them are not (in terms of Directive 95/46/EC) personal data in and of themselves, each is capable of being personal data in appropriate contexts. In Part Two, we argue that if this is correct, then the requirement for sources of human biological samples to give informed consent for any use of their samples (which the European Court of Justice has maintained to be a fundamental principle of EC law but not one to be enforced via patent law) must be enforced by data protection law in the EU. Finally, in Part Three, we consider the implications of our position for the capacity of Directive 95/46/EC to adequately protect third party interests given the shared nature of genetic data.

Download Full-text

Best Practice of the Court of the EU in Ensuring the Principles of the Personal Data Protection

Visnyk of the Lviv University Series International Relations ◽

10.30970/vir.2019.47.0.10988 ◽

2019 ◽

Author(s):

Iryna Yavorska ◽

Ivan Bratsuk

Keyword(s):

Data Protection ◽

Best Practice ◽

Personal Data ◽

Human Right ◽

Personal Data Protection ◽

National Courts ◽

Court Of Justice ◽

European Court ◽

Access To Data ◽

The Eu

Research of the decisions of the European Court of Justice and of the European Court of Human Right is crucial in the process of approximation of Ukrainian legislation to the EU Law. This article subjects to analysis certain decisions of the Court of Justice of the EU in the area of Personal Data Protection, in particular, the main principles of protection. Court of Justice of the EU forms its decisions on Personal Data Protection in the format of conclusions, provided by the Court in response to the pre-judicial requests from national courts in relation to enquiries from citizens on legality of processing of their personal data, on terms of response to such enquiries, on terms of access by citizens to information which is considered Personal Data, on ensuring security of keeping Personal Data, on restrictions in collecting data, on the provisions in the national law on independence of bodies responsible for collecting and storing personal data. These conclusions of the Court of Justice of the EU aim to prevent violations of the protection of personal data or of its security, which could lead to accidental or illegal destruction, loss, change, unauthorised access to data. It should be noted that the term Personal Data covers not only the private sphere of citizens but also their professional or civic activity. Key words: personal data; EU; Court of Justice of the EU; EU principles of Personal Data Protection.

Download Full-text

Consultation of EU Immigration Databases for Law Enforcement Purposes: a Privacy and Data Protection Assessment

European Journal of Migration and Law ◽

10.1163/15718166-12340072 ◽

2020 ◽

Vol 22 (2) ◽

pp. 139-177

Author(s):

Niovi Vavoula

Keyword(s):

Information Systems ◽

Law Enforcement ◽

Data Protection ◽

Personal Data ◽

Private Life ◽

The Past ◽

European Court ◽

The Eu ◽

Third Country Nationals

Abstract Since the past three decades, an elaborate framework of EU-wide information systems processing the personal data of third-country nationals has emerged. The vast majority of these systems (VIS, Eurodac, EES, ETIAS) are conceptualised as multi-purpose tools, whereby their consultation for crime-related objectives is listed among their ancillary objectives. As a result, immigration records may be accessed by national law enforcement authorities and Europol for the purposes of fighting terrorism and other serious crimes under specified and limited conditions. Drawing from the relevant jurisprudence of the European Court, this article evaluates whether the EU rules on law enforcement access to EU immigration databases comply with the rights to respect for private life and protection of personal data, as enshrined in Article 7 and 8 of the EU Charter respectively. In addition, challenges posed by the forthcoming interoperability between databases are also examined.

Download Full-text

L’invalidità del Safe Harbor Agreement

Ricerche giuridiche ◽

10.30687/rg/2281-6100/2018/01/007 ◽

2018 ◽

Author(s):

Fabiana Accardo

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Safe Harbor ◽

The European Union ◽

Court Of Justice ◽

The Us ◽

Data Protection Law ◽

The Impact ◽

The Eu

The purpose of this article is that to explain the impact of the landmark decision Schrems c. Data Protection Commissioner [Ireland] - delivered on 7 October 2015 (Case C-362/2014 EU) by the Court of Justice - on the European scenario. Starting from a brief analysis of the major outcomes originated from the pronunciation of the Court of Justice, then it tries to study the level of criticality that the Safe Harbor Agreement and the subsequently adequacy Commission decision 2000/520/EC – that has been invalidated with Schrems judgment – have provoked before this pronunciation on the matter of safeguarding personal privacy of european citizens when their personal data are transferred outside the European Union, in particular the reference is at the US context. Moreover it focuses on the most important aspects of the new EU-US agreement called Privacy Shield: it can be really considered the safer solution for data sharing in the light of the closer implementation of the Regulation (EU) 2016/679, which will take the place of the Directive 95 /46/CE on the EU data protection law?

Download Full-text

A New Data Protection Development in The EU Judicial and Criminal Area

International conference KNOWLEDGE-BASED ORGANIZATION ◽

10.1515/kbo-2017-0103 ◽

2017 ◽

Vol 23 (2) ◽

pp. 144-149

Author(s):

Gabriela Belova ◽

Gergana Georgieva

Keyword(s):

Data Protection ◽

Personal Data ◽

Terrorist Attacks ◽

The European Union ◽

Significant Progress ◽

Data Retention ◽

Eu Member States ◽

European Court ◽

Efficient Measure ◽

The Eu

Abstract The following article is dedicated to a new data protection regime in the European Union, in particular the Directive (EU) 2016/680 of the European Parliament and the Council on the protection of natural persons regarding processing of personal data by authorities aiming at prevention, investigation, detection and prosecution of crime offences, including execution of criminal penalties. For this purpose, the authors look first at the data protection within the Prüm framework as well as at the relevant provisions of Lisbon Treaty. Тhe important cases of the European Court of Human Rights are analyzed. Whereas in 2014 EU Member states focused on the question whether or not to retain data, the 2016 conclusion was that in some aspects data retention is the most efficient measure to ensure national security, public safety and fighting across serious crimes. The terrorist attacks in Paris and Brussels call to better equip security authorities. The EU legislature made significant progress on the Data Protection regime. The Directive (EU) 2016/680, the so called the ‘Police and Criminal Justice Directive’, repeals the Council Framework Decision 2008/977/JHA and will enter into force on 6 May 2018.

Download Full-text

A Right to Reasonable Inferences: Re-Thinking Data Protection Law in the Age of Big Data and AI

10.31228/osf.io/mu2kf ◽

2018 ◽

Cited By ~ 40

Author(s):

Sandra Wachter ◽

Brent Mittelstadt

Keyword(s):

Big Data ◽

Data Protection ◽

Data Analytics ◽

Big Data Analytics ◽

Personal Data ◽

Trade Secrets ◽

European Court ◽

Ex Ante ◽

Data Protection Law ◽

The Eu

Big Data analytics and artificial intelligence (AI) draw non-intuitive and unverifiable inferences and predictions about the behaviors, preferences, and private lives of individuals. These inferences draw on highly diverse and feature-rich data of unpredictable value, and create new opportunities for discriminatory, biased, and invasive decision-making. Concerns about algorithmic accountability are often actually concerns about the way in which these technologies draw privacy invasive and non-verifiable inferences about us that we cannot predict, understand, or refute.Data protection law is meant to protect people’s privacy, identity, reputation, and autonomy, but is currently failing to protect data subjects from the novel risks of inferential analytics. The broad concept of personal data in Europe could be interpreted to include inferences, predictions, and assumptions that refer to or impact on an individual. If seen as personal data, individuals are granted numerous rights under data protection law. However, the legal status of inferences is heavily disputed in legal scholarship, and marked by inconsistencies and contradictions within and between the views of the Article 29 Working Party and the European Court of Justice.As we show in this paper, individuals are granted little control and oversight over how their personal data is used to draw inferences about them. Compared to other types of personal data, inferences are effectively ‘economy class’ personal data in the General Data Protection Regulation (GDPR). Data subjects’ rights to know about (Art 13-15), rectify (Art 16), delete (Art 17), object to (Art 21), or port (Art 20) personal data are significantly curtailed when it comes to inferences, often requiring a greater balance with controller’s interests (e.g. trade secrets, intellectual property) than would otherwise be the case. Similarly, the GDPR provides insufficient protection against sensitive inferences (Art 9) or remedies to challenge inferences or important decisions based on them (Art 22(3)).This situation is not accidental. In standing jurisprudence the European Court of Justice (ECJ; Bavarian Lager, YS. and M. and S., and Nowak) and the Advocate General (AG; YS. and M. and S. and Nowak) have consistently restricted the remit of data protection law to assessing the legitimacy of input personal data undergoing processing, and to rectify, block, or erase it. Critically, the ECJ has likewise made clear that data protection law is not intended to ensure the accuracy of decisions and decision-making processes involving personal data, or to make these processes fully transparent.Conflict looms on the horizon in Europe that will further weaken the protection afforded to data subjects against inferences. Current policy proposals addressing privacy protection (the ePrivacy Regulation and the EU Digital Content Directive) fail to close the GDPR’s accountability gaps concerning inferences. At the same time, the GDPR and Europe’s new Copyright Directive aim to facilitate data mining, knowledge discovery, and Big Data analytics by limiting data subjects’ rights over personal data. And lastly, the new Trades Secrets Directive provides extensive protection of commercial interests attached to the outputs of these processes (e.g. models, algorithms and inferences).In this paper we argue that a new data protection right, the ‘right to reasonable inferences’, is needed to help close the accountability gap currently posed ‘high risk inferences’ , meaning inferences that are privacy invasive or reputation damaging and have low verifiability in the sense of being predictive or opinion-based. In cases where algorithms draw ‘high risk inferences’ about individuals, this right would require ex-ante justification to be given by the data controller to establish whether an inference is reasonable. This disclosure would address (1) why certain data is a relevant basis to draw inferences; (2) why these inferences are relevant for the chosen processing purpose or type of automated decision; and (3) whether the data and methods used to draw the inferences are accurate and statistically reliable. The ex-ante justification is bolstered by an additional ex-post mechanism enabling unreasonable inferences to be challenged. A right to reasonable inferences must, however, be reconciled with EU jurisprudence and counterbalanced with IP and trade secrets law as well as freedom of expression and Article 16 of the EU Charter of Fundamental Rights: the freedom to conduct a business.

Download Full-text

ASSESSING THE IMPLICATIONS OF SCHREMS II FOR EU–US DATA FLOW

International and Comparative Law Quarterly ◽

10.1017/s0020589321000348 ◽

2021 ◽

pp. 1-18

Author(s):

Maria Helen Murphy

Keyword(s):

European Union ◽

Data Protection ◽

Data Flow ◽

Data Transfer ◽

Personal Data ◽

Fundamental Rights ◽

Constant Flow ◽

The European Union ◽

Court Of Justice ◽

The Eu

Abstract With the constant flow of data across jurisdictions, issues regarding conflicting laws and the protection of rights arise. This article considers the EU–US data transfer relationship in the aftermath of the decision in Data Protection Commissioner v Facebook Ireland and Maximillian Schrems where the Court of Justice of the European Union (CJEU) invalidated an EU–US data transfer agreement for the second time in just five years. This judgment continues the line of cases emphasising the high value the Court places on securing EU personal data in accordance with EU data protection standards and fundamental rights. This article assesses the implications of the ruling for the vulnerable EU–US data transfer relationship.

Download Full-text

Data protection and passenger name record in judicial criminal matters under the EU–UK Trade and Cooperation Agreement

New Journal of European Criminal Law ◽

10.1177/2032284421994920 ◽

2021 ◽

pp. 203228442199492

Author(s):

Catherine Van de Heyning

Keyword(s):

United Kingdom ◽

Data Protection ◽

Personal Data ◽

Cooperation Agreement ◽

Judicial Cooperation ◽

The United Kingdom ◽

Record Data ◽

Criminal Matters ◽

The Impact ◽

The Eu

The submission discusses the provisions in the EU–UK Trade and Cooperation Agreement on data protection as well as the consequences for the exchange of passenger name record data in the field of criminal and judicial cooperation. The author concludes that the impact of the Agreement will depend on the resolvement of the United Kingdom to uphold the standards of protection of personal data equivalent to the EU’s in order to reach an adequacy decision.

Download Full-text

Review of the right to self-determination of personal data in the AI era - based on the EU Personal Data Protection Act

Center for Public Interest & Human Rights Law Chonnam National University ◽

10.38135/hrlr.2021.26.123 ◽

2021 ◽

Vol 26 ◽

pp. 123-151

Author(s):

In-Seon Ham

Keyword(s):

Data Protection ◽

Personal Data ◽

Self Determination ◽

Personal Data Protection ◽

The Right ◽

The Eu

Download Full-text

Square Pegs and Round Holes: The Free Movement of Persons Under EEA Law

Cambridge yearbook of European legal studies ◽

10.1017/cel.2017.8 ◽

2017 ◽

Vol 19 ◽

pp. 165-186

Author(s):

Christian NK FRANKLIN

Keyword(s):

Free Trade ◽

Case Law ◽

Fundamental Principle ◽

Free Movement ◽

Trade Association ◽

Eu Law ◽

European Free Trade Association ◽

Court Of Justice ◽

Free Movement Of Persons ◽

The Eu

AbstractWhilst the European Union’s aim of achieving an ‘ever closer Union’ is not an objective of EEA cooperation, homogeneity demands that we follow the same path: as the Union gets ever closer, so too does EEA cooperation, in light of the demands of the fundamental principle of homogeneity. This is particularly well demonstrated by looking at developments in the field of the free movement of persons. The case law of the Court of Justice of the European Free Trade Association (EFTA Court) in this field shows that in situations where homogeneity is put to the test, there seems little to suggest that a more national sovereignty-friendly approach has been adopted than under EU law. Notwithstanding the integral differences between the EU and EEA legal constructs, the EFTA Court has proven highly adept at keeping pace with EU developments in the field through a number of bold and creative interpretations of EEA law, and by using different tools to arrive at uniform conclusions.

Download Full-text

The EU General Data Protection Regulation (GDPR)

10.1093/oso/9780198826491.001.0001 ◽

2020 ◽

Cited By ~ 1

Keyword(s):

Data Protection ◽

Personal Data ◽

Privacy Regulation ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Ongoing Work ◽

Protection Legislation ◽

Recent Reform ◽

General Data ◽

The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

Download Full-text