scholarly journals General Data Protection Regulation (GDPR) – Revolution Coming to European Data Protection Laws in 2018. What’s New for Ordinary Citizens?

2018 ◽  
Vol 23 ◽  
pp. 123
Author(s):  
Natalia Daśko
Keyword(s):  
Data Protection ◽  
General Data Protection Regulation ◽  
European Data ◽  
General Data ◽  
Ordinary Citizens

European Data Protection Regulation, Journalism, and Traditional Publishers

2019 ◽  
Author(s):  
David Erdos
Keyword(s):  
New Media ◽  
Data Protection ◽  
Freedom Of Expression ◽  
Code Of Conduct ◽  
Academic Disciplines ◽  
General Data Protection Regulation ◽  
European Data ◽  
General Data ◽  
Professional Artists ◽  
Normative Perspective

This book explores the interface between European data protection and the freedom of expression activities of traditional journalism, professional artists, and both academic and non-academic writers from both an empirical and normative perspective. It draws on an exhaustive examination of both historical and contemporary public domain material and a comprehensive questionnaire of European Data Protection Authorities (DPAs). Empirically it is found that, notwithstanding an often confusing statutory landscape, DPAs have sought to develop an approach to regulating the journalistic media based on contextual rights balancing. However, they have struggled to secure a clear and specified criterion of strictness as regards standard-setting or a consistent and reliable approach to enforcement. DPAs have appeared even more confused as regards other traditional publishers, largely abstaining from regulating most professional artists and writers but attempting to subject all academic disciplines to onerous statutory restrictions established for medical, scientific, and related research. From these findings, it is argued that balancing contextual rights has value and should be both generalized across all traditional publishers and systematically and sensitively developed through structured and robust co-regulation. Such co-regulation should adopt the new code of conduct and monitoring provisions included in the General Data Protection Regulation (GDPR) as a broad guideline. DPAs should accord strong deference to any codes and monitoring bodies which verifiably meet the accredited criteria but must engage more proactively when these are absent. In any case, DPAs should also intervene directly as regards particularly serious or systematic issues and have an increasingly important role in ensuring a joined-up approach between traditional publishing and new media activity.

scholarly journals How Comprehensive Is Chinese Data Protection Law? A Systematisation of Chinese Data Protection Law from a European Perspective

2020 ◽  
Vol 69 (12) ◽  
pp. 1191-1203
Author(s):  
Anja Geller
Keyword(s):  
Data Protection ◽  
European Perspective ◽  
General Development ◽  
General Direction ◽  
General Data Protection Regulation ◽  
Chinese Law ◽  
European Data ◽  
General Data ◽  
Data Protection Law

Abstract In China, there is no unified data protection law similar to the EU’s General Data Protection Regulation (GDPR). As a result, there are many different relevant regulations. Among other things, this makes enforcement and comprehension more difficult. To alleviate this problem and assess the comprehensiveness of Chinese data protection, this article uses the GDPR as a frame to organise and systematise the most important Chinese regulations. Binding and non-binding as well as enacted and draft provisions are included to show the dynamic progress and the general direction of Chinese law. While from a European data protection perspective there still are numerous deficiencies, the general development is positive.

Conclusion

2021 ◽  
pp. 256-260
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Baseline Level ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
Early Stages ◽  
European Data ◽  
General Data ◽  
Data Protection Law

This concluding chapter argues that European data protection law, under the General Data Protection Regulation (GDPR), can and ought to be looked at to play a central role in the protection of genetic privacy in biobanking in Europe. In the first instance, the substantive framework presented by the GDPR already offers an impressive baseline level of protection for genetic privacy. In turn, while numerous problems with this baseline standard of protection are identifiable, the GDPR offers the normative flexibility to accommodate solutions to these problems, as well as the procedural mechanisms to facilitate the realisation of solutions. The interaction between GDPR and biobanking is still, however, in the early stages. Whether this potential is realised now depends on the decisions and actions of regulatory stakeholders in the biobanking space. Their decisions have the potential to optimise or undermine the GDPR as a system for the protection of genetic privacy in biobanking. The biobanking community also have consequential choices as to how they perceive and operationalise the GDPR.

Do We Need Data Protection at All?

2021 ◽  
pp. 91-128
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Thought Experiment ◽  
Legal Systems ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
European Data ◽  
Viable Solution ◽  
General Data ◽  
Data Protection Law ◽  
The Uk

This chapter assesses whether there is any need to consider European data protection law as a framework for the protection of genetic privacy in biobanking in Europe at all. To answer the question, the chapter conducts a thought experiment and examines what the standard of protection in Europe would look like if one were to exclude data protection law from consideration. This is merely a thought experiment, as data protection already plays, and will continue to play, a significant role in the protection of genetic privacy in biobanking in Europe. The exercise is enlightening, however, in showing the extent of flaws in protection in European legal systems stripped of data protection. In this regard, the chapter then maps the protection provided to genetic privacy in biobanking by the EU's, and three European states'—Estonia, Germany, and the UK—legal systems. It then engages in a critical analysis, highlighting the significant inadequacy of the protection provided by these systems excluding data protection law. Finally, the chapter shows why, generally, European data protection law under the General Data Protection Regulation (GDPR) looks a viable solution to address the problems displayed by other approaches.

The benefits and challenges of general data protection regulation for the information technology sector

2019 ◽  
Vol 21 (5) ◽  
pp. 510-524 ◽  
Author(s):  
Nazar Poritskiy ◽  
Flávio Oliveira ◽  
Fernando Almeida
Keyword(s):  
Information Technology ◽  
Data Protection ◽  
The State ◽  
Quantitative Methodology ◽  
Content Type ◽  
General Data Protection Regulation ◽  
European Data ◽  
General Data ◽  
The Right ◽  
The Impact

PurposeThe implementation of European data protection is a challenge for businesses and has imposed legal, technical and organizational changes for companies. This study aims to explore the benefits and challenges that companies operating in the information technology (IT) sector have experienced in applying the European data protection. Additionally, this study aims to explore whether the benefits and challenges faced by these companies were different considering their dimension and the state of implementation of the regulation.Design/methodology/approachThis study adopts a quantitative methodology, based on a survey conducted with Portuguese IT companies. The survey is composed of 30 questions divided into three sections, namely, control data; assessment; and benefits and challenges. The survey was created on Google Drive and distributed among Portuguese IT companies between March and April of 2019. The data were analyzed using the Stata software using descriptive and inferential analysis techniques using the ANOVA one-way test.FindingsA total of 286 responses were received. The main benefits identified by the application of European data protection include increased confidence and legal clarification. On the other hand, the main challenges include the execution of audits to systems and processes and the application of the right to erasure. The findings allow us to conclude that the state of implementation of the general data protection regulation (GDPR), and the type of company are discriminating factors in the perception of benefits and challenges.Research limitations/implicationsThis study has essentially practical implications. Based on the synthesis of the benefits and challenges posed by the adoption of European data protection, it is possible to assess the relative importance and impact of the benefits and challenges faced by companies in the IT sector. However, this study does not explore the type of challenges that are placed at each stage of the adoption of European data protection and does not take into account the specificities of the activities carried out by each of these companies.Originality/valueThe implementation of the GDPR is still in an initial phase. This study is pioneering in synthesizing the main benefits and challenges of its adoption considering the companies operating in the IT sector. Furthermore, this study explores the impact of the size of the company and the status of implementation of the GDPR on the perception of the established benefits and challenges.

scholarly journals Adtech and Real-Time Bidding under European Data Protection Law

2021 ◽  
Author(s):  
Michael Veale ◽  
Frederik Zuiderveen Borgesius
Keyword(s):  
Real Time ◽  
Data Protection ◽  
Mobile Applications ◽  
Security Requirements ◽  
Legal Basis ◽  
General Data Protection Regulation ◽  
European Data ◽  
Prior Consent ◽  
General Data ◽  
Data Protection Law

This paper discusses the troubled relationship between contemporary advertising technology (adtech) systems, in particular systems of real-time bidding (RTB, also known as programmatic advertising) underpinning much behavioural targeting on the web and through mobile applications. This paper analyses the extent to which practices of RTB are compatible with the requirements regarding (i) a legal basis for processing, transparency, and security in European data protection law. We first introduce the technologies at play through explaining and analysing the systems deployed online today. Following that, we turn to the law. Rather than analyse RTB against every provision of the General Data Protection Regulation (GDPR), we consider RTB in the context of the GDPR’s requirement of a legal basis for processing and the GDPR’s transparency and security requirements. We show, first, that the GDPR requires prior consent of the internet user for RTB, as other legal bases are not appropriate. Second, we show that it is difficult – and perhaps impossible – for website publishers and RTB companies to meet the GDPR’s transparency requirements. Third, RTB incentivises insecure data processing. We conclude that, in concept and in practice, RTB is structurally difficult to reconcile with European data protection law. Therefore, intervention by regulators is necessary.

scholarly journals Context-Relative Norms Determine the Appropriate Type of Consent in Clinical Biobanks: Towards a Potential Solution for the Discrepancy between the General Data Protection Regulation and the European Data Protection Board on Requirements for Consent

2020 ◽  
Vol 26 (6) ◽  
pp. 3271-3284
Author(s):  
R. Indrakusuma ◽  
S. Kalkman ◽  
M. J. W. Koelemay ◽  
R. Balm ◽  
D. L. Willems
Keyword(s):  
Data Protection ◽  
Working Party ◽  
Information Flows ◽  
Broad Consent ◽  
The European Union ◽  
Advisory Body ◽  
General Data Protection Regulation ◽  
Processing Data ◽  
European Data ◽  
General Data

AbstractClinical biobanks processing data of participants in the European Union (EU) fall under the scope of the General Data Protection Regulation (GDPR), which among others includes requirements for consent. These requirements are further specified by the Article 29 Working Party (WP29)—an EU advisory body currently known as the European Data Protection Board (EDPB). Unfortunately, their guidance is cause for some confusion. While the GDPR allows participants to give broad consent for research when specific research purposes are still unknown, the WP29 guidelines suggest that additional consent for specific uses should be obtained in addition to broad consent when this becomes applicable. This discrepancy elicits the question whether clinical biobanks can fail the requirement of consent if they obtain broad consent, but not a specific consent for each biomedical study. We analysed this discrepancy within the framework of contextual integrity, in order to describe the context-relative informational norms that govern information flows in clinical biobanks. However, our analysis demonstrates that there is no uniform set of norms that can be applied to all clinical biobanks. As such, neither the GDPR nor the WP29 guidance can act as a “one size fits all” approach to all clinical biobanks. Rather, differences between clinical biobanks—especially regarding the scientific aims and patient populations—make the case for context-relative norms that determine the appropriate type of consent.

scholarly journals AUTONOMOUS VEHICLES AND EUROPEAN DATA PROTECTION LAW

2020 ◽  
Vol 17 (1) ◽  
pp. 6
Author(s):  
Eva Fialová
Keyword(s):  
Data Protection ◽  
Autonomous Vehicles ◽  
Personal Data ◽  
Legal Regulation ◽  
Huge Amount ◽  
General Data Protection Regulation ◽  
Location Data ◽  
European Data ◽  
Protection Legislation ◽  
General Data

Autonomous vehicles process a huge amount of data about the driver, or rather passengers of the vehicle, as well as about other persons (pedestrians and passengers of other vehicles). This is why the autonomous vehicles raise questions about the protection of personal data. In 2018 a new European data protection legislation came into force. The General Data Protection Regulation places new obligations on controllers of personal data and provides new rights to data subjects, which will relate to operations of autonomous vehicles and their infrastructure. The providers thereof will have to implement the principles of data protection legislation into their systems. In this context the personal data is not just data concerning the identity of the driver, a passenger or other persons, but any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or even due to a peculiar behaviour in the vehicle. The paper will focus on the new legal regulation in relation to the operation of autonomous vehicles.Autonomní vozidla zpracovávají velké množství údajů o řidiči vozidla, resp. cestujících ve vozidle, jakož i o dalších osobách (spolucestujících, chodcích a pasažérech v jiných vozidlech). To je důvod, proč provoz autonomních vozidel vyvolává řadu otázek týkajících se ochrany osobních údajů. V roce 2018 nabyla účinnosti nová evropská právní úprava regulující tuto oblast. Obecné nařízení o ochraně osobních údajů přináší nové povinnosti správcům osobních údajů, jakož i nová práva subjektům údajů, která se budou týkat provozu autonomních vozidel a infrastruktury. Výrobci a poskytovatelé služeb budou muset do svých systémů implementovat legislativu o ochraně osobních údajů. Osobními údaji nejsou pouze údaje týkající se totožnosti řidiče, cestujících nebo jiných osob, ale veškeré informace vztahujících se k identifikované nebo identifikovatelné fyzické osobě, kterou lze přímo nebo nepřímo identifikovat, zejména odkazem na identifikátor, jako je např. název, identifikační číslo, lokalizační údaje, nebo třeba i kvůli osobitému chování ve vozidle. Tento článek se zaměřuje na novou právní úpravu ve vztahu k provozu autonomních vozidel.

scholarly journals Directive on certain aspects concerning contracts for the supply of digital content and digital services & the EU data protection legal framework: are worlds colliding?

2019 ◽  
Vol 5 (2) ◽  
pp. 34-42
Author(s):  
Maria De Almeida Alves
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Legal Framework ◽  
Digital Content ◽  
General Data Protection Regulation ◽  
Digital Services ◽  
European Data ◽  
General Data ◽  
The Eu

This Paper will address the interplay between the Directive on certain aspects concerning contracts for the supply of digital content and digital services and the current EU data protection framework, namely the General Data Protection Regulation. Albeit the Directive has the aim of protecting consumers, has it gone too far and made a crack in the data protection EU legal framework? Can personal data be treated as a commodity or is its scope as a counter-performance subject to a particular interpretation? I shall analyze these questions in light of the European Data Protection Supervisor’s Opinion 4/2017 and the European Data Protection Board’s Guidelines 2/2019.

Sign in / Sign up

Export Citation Format

Share Document