The Budapest Convention and the General Data Protection Regulation: acting in concert to curb cybercrime?

2020 ◽  
Vol 1 (1-2) ◽  
pp. 63-72 ◽  
Author(s):  
David Wicki-Birchler

Abstract The Budapest Convention and the General Data Protection Regulation (GDPR)—two legal frameworks designed to curb cybercrime. While the Convention on Cybercrime of the Council of Europe, the Budapest Convention, is the only binding international instrument on this issue, the GDPR is globally setting standards in data protection law. How are the two policies working to curb cybercrime? Cybercrime concerns every person, every company, every authority and every public institution. The fact that the origin as well as the target of the criminal act can be located virtually everywhere around the globe sets a new challenge for lawmakers in their efforts to protect society. The increasing use and importance of the Internet of Things will create new conveniences for the public to enjoy and at the same time provide countless new entry points for hackers to gain access to devices, networks and valuable data, all of which might be abused for criminal intents. The Budapest Convention on Cybercrime plays a crucial role in the fight against cybercrime by setting state-of-the-art, principle-based criminal law standards and important procedural rules with regard to the provisional storage of data to be potentially used as evidence in prosecuting criminal acts. GDPR is blazing the trail for the appropriate handling of data, and is thereby—albeit from a different starting point—significantly contributing to an improved data security framework and thus efficiently curbing cybercrime.

Author(s):  
Aritz ROMEO RUIZ

Abstract: The present work aims to offer an analysis of the principle of proactive responsibility in the treatment of personal data by the public administration, and aims to provide a legal vision to facilitate its practical implementation. The work is structured in four sections. The first of these presents, in general terms, the new regulatory framework for the protection of personal data, which is a consequence of the General Data Protection Regulation (EU). The second section is dedicated to proactive responsibility as a basic principle of the processing of personal data by public administrations. The third proposes a series of measures that public administrations can take into account to comply with the principle of proactive responsibility in practice. Finally, the fourth section provides a reflection on the need to introduce organizational changes to ensure compliance with the principles of the General Data Protection Regulation and the exercise of rights by citizens, with special reference to the figure of the Data Protection Officer. The main idea that is concluded is the importance for public administrations to design a data protection policy that is applied by default, and involves not only those who exercise political responsibilities, but also all those who work in the public sector.


2020 ◽  
Vol 1 (1) ◽  
Author(s):  
Marta Choroszewicz ◽  
Beata Mäihäniemi

This article uses the sociolegal perspective to address current problems surrounding data protection and the experimental use of automated decision-making systems. This article outlines and discusses the hard laws regarding national adaptations of the European General Data Protection Regulation and other regulations as well as the use of automated decision-making in the public sector in six European countries (Denmark, Sweden, Germany, Finland, France, and the Netherlands). Despite its limitations, the General Data Protection Regulation has impacted the geopolitics of the global data market by empowering citizens and data protection authorities to voice their complaints and conduct investigations regarding data breaches. We draw on the Esping-Andersen welfare state typology to advance our understanding of the different approaches of states to citizens’ data protection and data use for automated decision-making between countries in the Nordic regime and the Conservative-Corporatist regime. Our study clearly indicates a need for additional legislation regarding the use of citizens’ data for automated decision-making and regulation of automated decision-making. Our results also indicate that legislation in Finland, Sweden, and Denmark draws upon the mutual trust between public administrations and citizens and thus offers only general guarantees regarding the use of citizens’ data. In contrast, Germany, France, and the Netherlands have enacted a combination of general and sectoral regulations to protect and restrict citizens’ rights. We also identify some problematic national policy responses to the General Data Protection Regulation that empower governments and related institutions to make citizens accountable to states’ stricter obligations and tougher sanctions. The article contributes to the discussion on the current phase of the developing digital welfare state in Europe and the role of new technologies (i.e., automated decision-making) in this phase. 
We argue that states and public institutions should play a central role in strengthening the social norms associated with data privacy and protection as well as citizens’ right to social security.


2018 ◽  
Vol 25 (5) ◽  
pp. 517-536 ◽  
Author(s):  
Santa Slokenberga

Abstract In biobanking, collaboration and data sharing contribute to building genomic research capacity, and have the potential to further scientific advances that ultimately can result in advances in clinical care. However, in the absence of common applicable legal frameworks that enable collaboration, capacity building is hindered. With the applicability of the General Data Protection Regulation, the obstacles to data sharing which involve export of data from European Union Member States to third countries are expected to grow, rendering the collaboration between the EU and third countries even more challenging. This article examines how, if at all, data sharing in biobank research between the EU and third countries could be facilitated via the use of soft regulatory tools. It argues that although the existing soft tools might not in themselves be suitable for meeting all the GDPR requirements, they could be the basis on which to raise the area-specific data protection bar globally.


Sensors ◽  
2021 ◽  
Vol 21 (6) ◽  
pp. 2093 ◽  
Author(s):  
Suada Hadzovic ◽  
Sasa Mrdovic ◽  
Milutin Radonjic

The Internet of Things (IoT) is a leading trend with numerous opportunities accompanied by advantages as well as disadvantages. Parallel with IoT development, significant privacy and personal data protection challenges are also growing. In this regard, the General Data Protection Regulation (GDPR) is often considered the world’s strongest set of data protection rules and has proven to be a catalyst for many countries around the world. The concepts and interaction of the data controller, the joint controllers, and the data processor play a key role in the implementation of the GDPR. Therefore, clarifying the blurred IoT actors’ relationships to determine corresponding responsibilities is necessary. Given the IoT transformation reflected in shifting computing power from cloud to the edge, in this research we have considered how these computing paradigms are affecting IoT actors. In this regard, we have introduced identification of IoT actors according to a new five-computing layer IoT model based on the cloud, fog, edge, mist, and dew computing. Our conclusion is that identifying IoT actors in the light of the corresponding IoT data manager roles could be useful in determining the responsibilities of IoT actors for their compliance with data protection and privacy rules.


2018 ◽  
Vol 3 ◽  
pp. 112
Author(s):  
Andy Boyd ◽  
Matthew Woollard ◽  
John Macleod ◽  
Alison Park

Historical records and the research databases of completed studies have the potential either to establish new research studies or to inform follow-up studies assessing long-term health and social outcomes. Yet, such records are at risk of destruction resulting from misconceptions about data protection legislation and research ethics. The recent destruction of the Windrush disembarkation cards, which potentially could have formed the basis of a retrospective cohort study, illustrates this risk. As organisations across Europe transition to the EU General Data Protection Regulation (GDPR), this risk is being amplified due to uncertainty as to how to comply with complex new rules, and the requirement under GDPR that data owners catalogue their data and set data retention and destruction rules. The combination of these factors suggests there is a new meaningful risk that scientifically important historical records will be destroyed, despite the fact that GDPR provides a clear legal basis to hold historical records and to repurpose them for research for the public good. This letter describes this risk; details the legal basis enabling the retention and repurposing of these data; makes recommendations as to how to alleviate this risk; and finally encourages the research and research-active clinical community to contact their ‘Data Protection Officers’ to promote safe-keeping of historical records.


2020 ◽  
Author(s):  
Regina Becker ◽  
Adrian Thorogood ◽  
Johan Ordish ◽  
Michael J.S. Beauvais

Researchers must collaborate globally to rapidly respond to the COVID-19 pandemic. In Europe, the General Data Protection Regulation (GDPR) regulates the processing of personal data, including health data of value to researchers. Even during a pandemic, research still requires a legal basis for the processing of sensitive data, additional justification for its processing, and a basis for any transfer of data outside Europe. The GDPR does provide legal grounds and derogations that can support research addressing a pandemic, if the data processing activities are proportionate to the aim pursued and accompanied by suitable safeguards. During a pandemic, a public interest basis may be more promising for research than a consent basis, given the high standards set out in the GDPR. However, the GDPR leaves many aspects of the public interest basis to be determined by individual Member States, which have not fully or uniformly made use of all options. The consequence is an inconsistent legal patchwork that displays insufficient clarity and impedes joint approaches. The COVID-19 experience provides lessons for national legislatures. Responsiveness to pandemics requires clear and harmonized laws that consider the related practical challenges and support collaborative global research in the public interest.


Author(s):  
Ana Nordberg

Abstract Biobanks are essential infrastructures in current health and biomedical research. Advanced scientific research increasingly relies on processing and correlating large amounts of genetic, clinical and behavioural data. These data are particularly sensitive in nature and the risk of privacy invasion and misuse is high. The EU General Data Protection Regulation (GDPR) developed and increased harmonisation, resulting in a framework in which the specific duties and obligations of entities processing personal data—controllers and processors—were defined. Biobanks, in the exercise of their functions, assume the role of controllers and/or processors and as such need to comply with a number of complex rules. This chapter analyses these rules in the light of Article 89 GDPR, which creates safeguards and derogations relating to ‘processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes’. It identifies key compliance challenges faced by biobanks as data controllers and processors, such as determining whether the GDPR is applicable and its intersection with other regulations; when a biobank should be considered controller and processor; and what are the main duties of biobanks as data controllers and processors and options for compliance.


10.2196/19799 ◽  
2020 ◽  
Vol 22 (8) ◽  
pp. e19799 ◽  
Author(s):  
Regina Becker ◽  
Adrian Thorogood ◽  
Johan Ordish ◽  
Michael J.S. Beauvais

Researchers must collaborate globally to rapidly respond to the COVID-19 pandemic. In Europe, the General Data Protection Regulation (GDPR) regulates the processing of personal data, including health data of value to researchers. Even during a pandemic, research still requires a legal basis for the processing of sensitive data, additional justification for its processing, and a basis for any transfer of data outside Europe. The GDPR does provide legal grounds and derogations that can support research addressing a pandemic, if the data processing activities are proportionate to the aim pursued and accompanied by suitable safeguards. During a pandemic, a public interest basis may be more promising for research than a consent basis, given the high standards set out in the GDPR. However, the GDPR leaves many aspects of the public interest basis to be determined by individual Member States, which have not fully or uniformly made use of all options. The consequence is an inconsistent legal patchwork that displays insufficient clarity and impedes joint approaches. The COVID-19 experience provides lessons for national legislatures. Responsiveness to pandemics requires clear and harmonized laws that consider the related practical challenges and support collaborative global research in the public interest.

