The EU General Data Protection Regulation: How will it impact the regulation of research biobanks? Setting the legal frame in the Mediterranean and Eastern European area

2018 ◽  
Vol 18 (4) ◽  
pp. 241-255 ◽  
Author(s):  
Simone Penasa ◽  
Iñigo de Miguel Beriain ◽  
Carla Barbosa ◽  
Anna Białek ◽  
Theodora Chortara ◽  
...  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Eastern European ◽  
Member States ◽  
General Data Protection Regulation ◽  
Eu Member States ◽  
European Area ◽  
General Data ◽  
The Mediterranean ◽  
The Eu

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force. As with the Data Protection Directive (95/46/EC), the regulation of biobanks for scientific research will be profoundly affected by this reform. Accordingly, a comparative survey of some of the existing national regulatory frameworks is of value to aid understanding of whether and how EU Member States will need to realign their systems to ensure compliance with the new Regulation. This article provides a comparison of the positions of Member States in the Mediterranean and Eastern European area, focusing especially on the existing regulatory framework on biobanks, the definition of personal and genetic data, the pseudonymization process, the processing of personal data for medical research purposes (and its impact on the right to consent of the individuals involved) and the secondary use of such data. The article concludes that effective implementation of the EU GDPR will represent a decisive catalyst for adaptive harmonization of biobanks regulation in the European framework.

scholarly journals The practice of imposing administrative fines by the State Data Protection Inspectorate in the context of other EU Member States

2021 ◽  
Vol 44 (2) ◽  
pp. 153-169
Author(s):  
Aurimas Šidlauskas
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The State ◽  
General Context ◽  
Member States ◽  
State Data ◽  
General Data Protection Regulation ◽  
Supervisory Authority ◽  
Eu Member States ◽  
The Eu

The implementation of the EU General Data Protection Regulation (hereinafter referred to as the Regulation), which, among other things, aims to eliminate disparities between national systems and to alleviate unnecessary administrative burdens, began on 25 May 2018. Each Member State is to ensure that there is one or more independent public authorities (hereinafter referred to as the supervisory authority) responsible for monitoring the implementation of the Regulation. In Lithuania, personal data protection is supervised by two authorities, namely by the State Data Protection Inspectorate (hereinafter referred to as the SDPI) and by the Office of the Inspector of Journalist Ethics. The powers conferred on the supervisory authorities by the Regulation are greater and broader in scope than those granted under previous data protection legislation. Organizations which process personal data must ensure compliance with the requirements laid down in the Regulation. A supervisory authority that violates the provisions of the Regulation may be faced with heavy administrative fines and other sanctions. This article analyzes the practice of imposing administrative fines in the EU and in Lithuania as compared to other EU Member States. The author of the article believes that evaluating the practice of imposing administrative fines by the SDPI within the general context of the EU shall enable one to search for the reasons behind the current situation, as well as to improve the processes the SDPI employs to perform functions associated with data protection supervision. The article uses generalization and comparative analysis of scientific literature, legal documents and statistical data.

scholarly journals The EU General Data Protection Regulation (GDPR)

2020 ◽  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Privacy Regulation ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Ongoing Work ◽  
Protection Legislation ◽  
Recent Reform ◽  
General Data ◽  
The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

scholarly journals The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽  
2020 ◽  
Vol 114 ◽  
pp. 5-9 ◽  
Author(s):  
Cedric Ryngaert ◽  
Mistale Taylor
Keyword(s):  
International Law ◽  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Protection Legislation ◽  
General Data ◽  
Global Data ◽  
The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

International Organizations and the EU General Data Protection Regulation

2019 ◽  
Vol 16 (1) ◽  
pp. 158-191 ◽  
Author(s):  
Christopher Kuner
Keyword(s):  
International Law ◽  
International Organizations ◽  
Data Protection ◽  
Personal Data ◽  
Eu Law ◽  
Protection Measures ◽  
General Data Protection Regulation ◽  
General Data ◽  
High Level ◽  
The Eu

The importance of personal data processing for international organizations (‘IOs’) demonstrates the need for them to implement data protection in their work. The EU General Data Protection Regulation (‘GDPR’) will be influential around the world, and will impact IOs as well. Its application to them should be determined under relevant principles of EU law and public international law, and it should be interpreted consistently with the international obligations of the EU and its Member States. However, IOs should implement data protection measures regardless of whether the GDPR applies to them in a legal sense. There is a need for EU law and international law to take each other better into account, so that IOs can enjoy their privileges and immunities also with regard to EU law and avoid conflicts with international law, while still providing a high level of data protection in their operations.

scholarly journals Apply or not to apply?

2020 ◽  
Vol 4 (2) ◽  
pp. 81-94
Author(s):  
Matúš Mesarčík
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
Privacy Regulation ◽  
New Era ◽  
General Data Protection Regulation ◽  
Consumer Privacy ◽  
Privacy Act ◽  
General Data ◽  
The Eu

A new era of data protection laws arises after the adoption of the General Data Protection Regulation (GDPR) in the European Union. One of the newly adopted regulations of processing of personal data is Californian Consumer Privacy Act commonly referred to as CCPA. The article aims to fill the gap considering a deep analysis of the territorial scope of both acts and practical consequences of the application. The article starts with a brief overview of privacy regulation in the EU and USA. Introduction to GDPR and CCPA follows focusing on the territorial scope of respective legislation. Three scenarios of applicability are derived in the following part including practical examples.

scholarly journals The EU’s General Data Protection Regulation (GDPR) in a Research Context

2018 ◽  
pp. 55-71 ◽  
Author(s):  
Christopher F. Mondschein ◽  
Cosimo Monda
Keyword(s):  
Data Protection ◽  
Regulatory Mechanism ◽  
Personal Data ◽  
General Data Protection Regulation ◽  
Secondary Use ◽  
Research Context ◽  
Specific Focus ◽  
General Data ◽  
The Eu

AbstractThis chapter introduces the rational and regulatory mechanism underlying the EU data protection framework with specific focus on the EU’s General Data Protection Regulation (GDPR). It outlines the applicability of the research exemption included in the GDPR and discusses further or secondary use of personal data for research purposes.

scholarly journals Can the Internet Forget? – Rhe Eight to be Forgotten in the EU Law and its Actual Impact on the Internet. Comparison of the Approaches Towards the Notion and Assessment of its Effectiveness

2020 ◽  
Vol 9 (1) ◽  
pp. 86-101
Author(s):  
Aleksandra Gebuza
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The Internet ◽  
Eu Law ◽  
General Data Protection Regulation ◽  
Actual Impact ◽  
Right To Be Forgotten ◽  
General Data ◽  
The Right ◽  
The Eu

AbstractThe main aim of the article is to provide analysis on the notion of the right to be forgotten developed by the CJEU in the ruling Google v. AEPD & Gonzalez and by the General Data Protection Regulation within the context of the processing of personal data on the Internet. The analysis provides the comparison of approach towards the notion between European and American jurisprudence and doctrine, in order to demonstrate the scale of difficulty in applying the concept in practice.

scholarly journals EXTRATERRITORIAL APPLICATION OF THE EU GENERAL DATA PROTECTION REGULATION: AN INTERNATIONAL LAW PERSPECTIVE

2021 ◽  
Vol 28 (2) ◽  
pp. 531-565
Author(s):  
Md. Toriqul Islam ◽  
Mohammad Ershadul Karim
Keyword(s):  
International Law ◽  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Foreign Companies ◽  
General Data ◽  
Business Entities ◽  
Data Controller ◽  
The Eu

The General Data Protection Regulation (the GDPR) of the European Union (EU) emerges as a hot-button issue in contemporary global politics, policies, and business. Based on an omnibus legal substance, extensive extraterritorial scope and influential market powers, it appears as a standard for global data protection regulations as can be witnessed by the growing tendency of adopting, or adjusting relevant national laws following the instrument across the globe. Under Article 3, of the GDPR applies against any data controller or processor within and outside the EU, who process the personal data of EU residents. Therefore, the long arm of the GDPR is extended to cover the whole world, including Malaysia. This gives rise to tension worldwide, as non-compliance thereof leads to severe fines of up to €20 million or 4% of annual turnover. This is not a hypothetical possibility, rather a reality, as a huge amount of fines are already imposed on many foreign companies, such as Google, Facebook, Uber, and Equifax to name a few. Such a scenario, due to the existence of state sovereignty principles under international law, has made the researchers around the world curious about some questions, why does the EU adopt an instrument having the extraterritorial application; whether the extraterritorial scope is legitimate under normative international law; how the provisions of this instrument can be enforced, and how these are justified. This article attempts to search for answers to those questions by analyzing the relevant rules and norms of international law and the techniques of the EU employed. The article concludes with the findings that the extraterritorial scope of the GDPR is justified under international law in a changed global context. The findings of this article will enlighten the relevant stakeholders, including Malaysian policymakers and business entities, to realise the theoretical aspects of inclusion of the extraterritorial feature of the GDPR, and this understanding may facilitate them to map their future strategies.

scholarly journals GEOGRAPHIC DATA AS PERSONAL DATA IN FOUR EU MEMBER STATES

2016 ◽  
Vol III-2 ◽  
pp. 151-157 ◽  
Author(s):  
A. J. de Jong ◽  
B. van Loenen ◽  
J. A. Zevenbergen
Keyword(s):  
Data Protection ◽  
Large Scale ◽  
Personal Data ◽  
Topographic Maps ◽  
Member States ◽  
Eu Member States ◽  
Eu Directive ◽  
Geographic Data ◽  
Protection Legislation ◽  
The Eu

The EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data aims at harmonising data protection legislation in the European Union. This should promote the free flow of products and services within the EU. This research found a wide variety of interpretations of the application of data protection legislation to geographic data. The variety was found among the different EU Member States, the different stakeholders and the different types of geographic data. In the Netherlands, the Data Protection Authority (DPA) states that panoramic images of streets are considered personal data. While Dutch case law judges that the data protection legislation does not apply if certain features are blurred and no link to an address is provided. The topographic datasets studied in the case studies do not contain personal data, according to the Dutch DPA, while the German DPA and the Belgian DPA judge that topographic maps of a large scale can contain personal data, and impose conditions on the processing of topographic maps. The UK DPA does consider this data outside of the scope of legal definition of personal data. The patchwork of differences in data protection legislation can be harmonised by using a traffic light model. This model focuses on the context in which the processing of the data takes place and has four categories of data: (1) sensitive personal data, (2) personal data, (3), data that can possibly lead to identification, and (4) non-personal data. For some geographic data, for example factual data that does not reveal sensitive information about a person, can be categorised in the third category giving room to opening up data under the INSPIRE Directive.

Sign in / Sign up

Export Citation Format

Share Document