Public perceptions of good data management: Findings from  a UK-based survey

Low levels of public trust in data practices have led to growing calls for changes to data-driven systems, and in the EU, the General Data Protection Regulation provides a legal motivation for such changes. Data management is a vital component of data-driven systems, but what constitutes ‘good’ data management is not straightforward. Academic attention is turning to the question of what ‘good data’ might look like more generally, but public views are absent from these debates. This paper addresses this gap, reporting on a survey of the public on their views of data management approaches, undertaken by the authors and administered in the UK, where departure from the EU makes future data legislation uncertain. The survey found that respondents dislike the current approach in which commercial organizations control their personal data and prefer approaches that give them control over their data, that include oversight from regulatory bodies or that enable them to opt out of data gathering. Variations of data trusts – that is, structures that provide independent stewardship of data – were also preferable to the current approach, but not as widely preferred as control, oversight and opt out options. These features therefore constitute ‘good data management’ for survey respondents. These findings align only in part with principles of good data identified by policy experts and researchers. Our findings nuance understandings of good data as a concept and of good data management as a practice and point to where further research and policy action are needed.

Download Full-text

Regulating the European Data-Driven Economy. A Case Study on the General Data Protection Regulation

10.31235/osf.io/a6m8r ◽

2020 ◽

Author(s):

Moritz Laurer ◽

Timo Seidl

Keyword(s):

Data Protection ◽

Personal Data ◽

Policy Formulation ◽

Data Driven ◽

The Political ◽

General Data Protection Regulation ◽

General Data ◽

Institutional Legacies ◽

The Eu

In recent years, data have become part and parcel of contemporary capitalism. This created tensions between the growing demand for personal data and the fundamental right to data protection. Against this background, the EU’s adoption of the general data protection regulation (GDPR) poses a puzzle. Why did the EU adopt a regulation that strengthens data protection despite intensive lobbying by powerful business groups? We make two arguments to explain this outcome. First, we use process tracing to show how institutional legacies triggered and structured the policy-formulation process by strengthening the position of data protection advocates within the Commission. Second, we use discourse network analysis to show that the Snowden revelations fundamentally changed the discursive and coalitional dynamics during the decision-making stage, ‘saving’ the GDPR from being watered down. Our paper contributes to the literature on the political economy of data protection while also offering a comprehensive explanationof the GDPR.

Download Full-text

The EU General Data Protection Regulation (GDPR)

10.1093/oso/9780198826491.001.0001 ◽

2020 ◽

Cited By ~ 1

Keyword(s):

Data Protection ◽

Personal Data ◽

Privacy Regulation ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Ongoing Work ◽

Protection Legislation ◽

Recent Reform ◽

General Data ◽

The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

Download Full-text

The Development of European Data Protection Law and Regulation

European Data Protection Regulation, Journalism, and Traditional Publishers ◽

10.1093/oso/9780198841982.003.0003 ◽

2019 ◽

pp. 35-54

Author(s):

David Erdos

Keyword(s):

Data Protection ◽

Legal Status ◽

Personal Data ◽

Working Party ◽

Advisory Council ◽

Human Right ◽

General Data Protection Regulation ◽

European Data ◽

Regulatory Data ◽

The Eu

This chapter explores the development of European data protection, both as a codified form of regulation and as a human right, from its inception to the present day. In contrast to more ʻclassicalʼ rights, such as freedom of expression and even privacy, data protection only emerged as a discrete concept with the rise of computer power in the 1970s. The focus in Europe from this time has been on elaborating a progressively more detailed and harmonized regulatory code to govern the processing of personal data across the EU and wider European Economic Area (EEA). Advisory Council of Europe Resolutions in the 1970s led to a binding but optional Data Protection Convention in the 1980s, to a mandatory Data Protection Directive in the 1990s, and finally to a General Data Protection Regulation (GDPR) in the 2010s which is directly applicable across the EU. In addition, data protection has increasingly been recognized as a fundamental right and, in particular, was included within the EU Charter that was drafted in 2000 and acquired pan-EU legal status in 2009. These developments have dovetailed with the emergence of a significant body of relevant Court of Justice of the EU (CJEU) jurisprudence. However, the regulatory Data Protection Authorities (DPAs) also remain critical interpretative actors and have issued a number of important opinions including through the Article 29 Working Party that under the GDPR has become the European Data Protection Board.

Download Full-text

The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽

10.1017/aju.2019.80 ◽

2020 ◽

Vol 114 ◽

pp. 5-9 ◽

Cited By ~ 2

Author(s):

Cedric Ryngaert ◽

Mistale Taylor

Keyword(s):

International Law ◽

Data Protection ◽

Personal Data ◽

Fundamental Rights ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Protection Legislation ◽

General Data ◽

Global Data ◽

The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

Download Full-text

GDPR: Is your consent valid?

Business Information Review ◽

10.1177/0266382120903254 ◽

2020 ◽

Vol 37 (1) ◽

pp. 19-24

Author(s):

Stephen Breen ◽

Karim Ouazzane ◽

Preeti Patel

Keyword(s):

Information Systems ◽

Data Protection ◽

Personal Data ◽

Data Driven ◽

Privacy Concerns ◽

General Data Protection Regulation ◽

Philosophical Background ◽

General Data ◽

Compliance With The Law ◽

Point Of Departure

The General Data Protection Regulation (GDPR) 2018 imposes much greater demands on companies to address the rights of individuals who provide data, that is, Data Subjects. The new law requires a much more transparent approach to gaining consent to process personal data. However, few obvious changes to how consent is gained from Data Subjects to comply with this. Many companies are running the risk of non-compliance with the law if they fail to address how data are obtained and the lack of true consent which Data Subjects currently give to their data being processed. Consent is a complex philosophical principle which relies on the person giving the consent being in full possession of the facts, this article explores the philosophical background of consent and examines the circumstances which were the point of departure for the debate on consent and attempts to develop an understanding of it in the context of the growing influence of information systems and the data-driven economy. The GDPR has gone further than any other regulation or law to date in developing an understanding of consent to address personal data and privacy concerns.

Download Full-text

International Organizations and the EU General Data Protection Regulation

International Organizations Law Review ◽

10.1163/15723747-2019008 ◽

2019 ◽

Vol 16 (1) ◽

pp. 158-191 ◽

Cited By ~ 1

Author(s):

Christopher Kuner

Keyword(s):

International Law ◽

International Organizations ◽

Data Protection ◽

Personal Data ◽

Eu Law ◽

Protection Measures ◽

General Data Protection Regulation ◽

General Data ◽

High Level ◽

The Eu

The importance of personal data processing for international organizations (‘IOs’) demonstrates the need for them to implement data protection in their work. The EU General Data Protection Regulation (‘GDPR’) will be influential around the world, and will impact IOs as well. Its application to them should be determined under relevant principles of EU law and public international law, and it should be interpreted consistently with the international obligations of the EU and its Member States. However, IOs should implement data protection measures regardless of whether the GDPR applies to them in a legal sense. There is a need for EU law and international law to take each other better into account, so that IOs can enjoy their privileges and immunities also with regard to EU law and avoid conflicts with international law, while still providing a high level of data protection in their operations.

Download Full-text

How Data Protection Regulation Affects Startup Innovation

Information Systems Frontiers ◽

10.1007/s10796-019-09974-2 ◽

2019 ◽

Vol 21 (6) ◽

pp. 1307-1324 ◽

Cited By ~ 6

Author(s):

Nicholas Martin ◽

Christian Matt ◽

Crispin Niebel ◽

Knut Blind

Keyword(s):

Empirical Evidence ◽

Data Protection ◽

Rapid Growth ◽

Business Development ◽

Data Driven ◽

General Data Protection Regulation ◽

Policy Responses ◽

General Data ◽

Firm Responses ◽

The Eu

AbstractWhile many data-driven businesses have seen rapid growth in recent years, their business development might be highly contingent upon data protection regulation. While it is often claimed that stricter regulation penalizes firms, there is only scarce empirical evidence for this. We therefore study how data protection regulation affects startup innovation, exploring this question during the ongoing introduction of the EU General Data Protection Regulation (GDPR). Our results show that the effects of data protection regulation on startup innovation are complex: it simultaneously stimulates and constrains innovation. We identify six distinct firm responses to the effects of the GDPR; three that stimulate innovation, and three that constrain it. We furthermore identify two key stipulations in the GDPR that account for the most important innovation constraints. Implications and potential policy responses are discussed.

Download Full-text

Apply or not to apply?

Bratislava Law Review ◽

10.46282/blr.2020.4.2.171 ◽

2020 ◽

Vol 4 (2) ◽

pp. 81-94

Author(s):

Matúš Mesarčík

Keyword(s):

Data Protection ◽

Personal Data ◽

The European Union ◽

Privacy Regulation ◽

New Era ◽

General Data Protection Regulation ◽

Consumer Privacy ◽

Privacy Act ◽

General Data ◽

The Eu

A new era of data protection laws arises after the adoption of the General Data Protection Regulation (GDPR) in the European Union. One of the newly adopted regulations of processing of personal data is Californian Consumer Privacy Act commonly referred to as CCPA. The article aims to fill the gap considering a deep analysis of the territorial scope of both acts and practical consequences of the application. The article starts with a brief overview of privacy regulation in the EU and USA. Introduction to GDPR and CCPA follows focusing on the territorial scope of respective legislation. Three scenarios of applicability are derived in the following part including practical examples.

Download Full-text

The EU’s General Data Protection Regulation (GDPR) in a Research Context

Fundamentals of Clinical Data Science ◽

10.1007/978-3-319-99713-1_5 ◽

2018 ◽

pp. 55-71 ◽

Cited By ~ 4

Author(s):

Christopher F. Mondschein ◽

Cosimo Monda

Keyword(s):

Data Protection ◽

Regulatory Mechanism ◽

Personal Data ◽

General Data Protection Regulation ◽

Secondary Use ◽

Research Context ◽

Specific Focus ◽

General Data ◽

The Eu

AbstractThis chapter introduces the rational and regulatory mechanism underlying the EU data protection framework with specific focus on the EU’s General Data Protection Regulation (GDPR). It outlines the applicability of the research exemption included in the GDPR and discusses further or secondary use of personal data for research purposes.

Download Full-text

The Right of Irregular Immigrants to Outstanding Remuneration under the EU Sanctions Directive: Rethinking Domestic Labour Policy in a Globalised World

European Journal of Migration and Law ◽

10.1163/157181611x605873 ◽

2011 ◽

Vol 13 (4) ◽

pp. 389-410 ◽

Cited By ~ 2

Author(s):

Elaine Dewhurst

Keyword(s):

Current Approach ◽

Eu Member States ◽

Labour Policy ◽

Opt Out ◽

Significant Divergence ◽

Domestic Labour ◽

The Right ◽

Domestic Level ◽

The Eu

Abstract This article will analyse the provisions of, and the rationale for, the EU Sanctions Directive and the significant divergence in treatment of irregular immigrants in EU Member States, in particular, in relation to the provision of outstanding remuneration, which the EU Sanctions Directive has highlighted. Ireland, a state that has chosen to opt-out of the Directive, has been selected as a case study to analyse some of the issues that states encounter in bringing domestic labour policy in line with globalisation. In particular, this article will address the phenomenon of irregular immigration to Ireland, the current approach to the provision of outstanding remuneration and the rationale behind this current approach. Finally, the article will conclude that the reasoning behind the Irish opt-out was based upon misinformed assumptions about the purpose of the provision of outstanding remuneration arising out of a ‘disconnect’ between immigration and labour policy at a domestic level.

Download Full-text