The European Approach towards Data Protection in a Globalized World of Data Transfer

Abstract Personalised medicine can improve both public and individual health by providing targeted preventative and therapeutic healthcare. However, patient health data must be shared between institutions and across jurisdictions for the benefits of personalised medicine to be realised. Whilst data protection, privacy, and research ethics laws protect patient confidentiality and safety they also may impede multisite research, particularly across jurisdictions. Accordingly, we compare the concept of data accessibility in data protection and research ethics laws across seven jurisdictions. These jurisdictions include Switzerland, Italy, Spain, the United Kingdom (which have implemented the General Data Protection Regulation), the United States, Canada, and Australia. Our paper identifies the requirements for consent, the standards for anonymisation or pseudonymisation, and adequacy of protection between jurisdictions as barriers for sharing. We also identify differences between the European Union and other jurisdictions as a significant barrier for data accessibility in cross jurisdictional multisite research. Our paper concludes by considering solutions to overcome these legislative differences. These solutions include data transfer agreements and organisational collaborations designed to `front load' the process of ethics approval, so that subsequent research protocols are standardised. We also allude to technical solutions, such as distributed computing, secure multiparty computation and homomorphic encryption.

Download Full-text

Data-protection ordering/disordering of a fuzzy logic model in a robotic agent via the optical-data-transfer line

Journal of Russian Laser Research ◽

10.1007/s10946-008-9022-5 ◽

2008 ◽

Vol 29 (4) ◽

pp. 322-335 ◽

Cited By ~ 1

Author(s):

Alexandr L. Antipov ◽

Alexey Yu. Bykovsky ◽

Anton A. Egorov

Keyword(s):

Fuzzy Logic ◽

Data Protection ◽

Data Transfer ◽

Logic Model ◽

Optical Data ◽

Transfer Line ◽

Fuzzy Logic Model ◽

Robotic Agent

Download Full-text

Compatibility of the EU and Georgian Personal Data Protection Regimes and Data Transfer

Law and World ◽

10.36475/7.5.3 ◽

2021 ◽

Vol 7 (5) ◽

pp. 40-46

Keyword(s):

European Union ◽

Data Protection ◽

Data Transfer ◽

Personal Data ◽

Data System ◽

Protection System ◽

The European Union ◽

Great Opportunity ◽

Association Agreement ◽

Personal Data Protection

The work discusses Personal Data Protection system under the European Union law, also Personal Data Protection in Georgia and the compatibility of those two regimes. Moreover, there were men- tioned ways how Georgia can adopt regulations and harmonize its legislation, to be compatible with the European Union Personal Data Protection regime. The work emphasized efforts of Georgia on the path of developing its Personal Data Protection system. The many citizens of Georgia don’t even have a knowledge that their Personal Data has to be defended. Although, the court practice of Georgia revealed good developing signs in this field. If before there were not any cases concerning personal data protection, today we have some good decisions regarding the personal data protection. The data transfer between the European Union and Georgia, is also implemented in the Association Agreement between the European Union and Georgia. Here as well has to be mentioned that the Association Agreement was the greatest step for Georgia, it was the great opportunity to harmonize Georgian Personal Data system with a European. Step by step, Georgia is straining to become a member of the European Union. Thus, this work is a look through past and future of Georgian and EU relations in the field of Personal Data system.

Download Full-text

The right to data protection and the COVID-19 pandemic: the European approach

ERA Forum ◽

10.1007/s12027-020-00644-4 ◽

2020 ◽

Vol 21 (4) ◽

pp. 533-543

Author(s):

Magdalena Kędzior

Keyword(s):

Data Protection ◽

European Approach ◽

The Right

Download Full-text

Data Protection in the Cloud

Computer Law Review International ◽

10.9785/ovs-cri-2011-76 ◽

2011 ◽

Vol 12 (3) ◽

Author(s):

Peter Blume

Keyword(s):

Cloud Computing ◽

Member State ◽

Data Protection ◽

Data Security ◽

Data Transfer ◽

Protection Agency ◽

Starting Point ◽

Data Protection Law ◽

The Relationship ◽

Data Subject

AbstractThis article discusses the data protection issues made topical by cloud computing. It takes its starting point in a decision made by the Danish Data Protection Agency which is probably the first decision concerning this issue in an EU member state. The article focuses on the relationship between controller and processor, data security, data transfer and data subject rights. It concludes that cloud computing is a challenge but that data protection law should be able to meet that challenge.

Download Full-text

Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps

Proceedings on Privacy Enhancing Technologies ◽

10.1515/popets-2017-0008 ◽

2017 ◽

Vol 2017 (1) ◽

pp. 118-131 ◽

Cited By ~ 3

Author(s):

Mojtaba Eskandari ◽

Bruno Kessler ◽

Maqsood Ahmad ◽

Anderson Santana de Oliveira ◽

Bruno Crispo

Keyword(s):

Mobile Devices ◽

Data Protection ◽

High Speed ◽

Data Transfer ◽

Mobile Apps ◽

Personal Data ◽

Analysis Tool ◽

The European Union ◽

Wide Range ◽

Almost All

Abstract The prevalence of mobile devices and their capability to access high speed internet has transformed them into a portable pocket cloud interface. Being home to a wide range of users’ personal data, mobile devices often use cloud servers for storage and processing. The sensitivity of a user’s personal data demands adequate level of protection at the back-end servers. In this regard, the European Union Data Protection regulations (e.g., article 25.1) impose restriction on the locations of European users’ personal data transfer. The matter of concern, however, is the enforcement of such regulations. The first step in this regard is to analyze mobile apps and identify the location of servers to which personal data is transferred. To this end, we design and implement an app analysis tool, PDTLoc (Personal Data Transfer Location Analyzer), to detect violation of the mentioned regulations. We analyze 1, 498 most popular apps in the EEA using PDTLoc to investigate the data recipient server locations. We found that 16.5% (242) of these apps transfer users’ personal data to servers located at places outside Europe without being under the control of a data protection framework. Moreover, we inspect the privacy policies of the apps revealing that 51% of these apps do not provide any privacy policy while almost all of them contact the servers hosted outside Europe.

Download Full-text

Towards a Common European Approach to Data Protection: A Critical Analysis of Data Protection Perspectives of the Council of Europe and the European Union

Reinventing Data Protection? ◽

10.1007/978-1-4020-9498-9_17 ◽

2009 ◽

pp. 275-292 ◽

Cited By ~ 2

Author(s):

Sjaak Nouwt

Keyword(s):

European Union ◽

Data Protection ◽

Critical Analysis ◽

The European Union ◽

Council Of Europe ◽

European Approach

Download Full-text

Data Protection Regulation and International Arbitration: Can There Be Harmonious Coexistence (with the GDPR Requirements Concerning Cross-Border Data Transfer)?

Legal Issues in the Digital Age ◽

10.17323/2713-2749.2021.2.21.48 ◽

2021 ◽

Vol 2 (2) ◽

pp. 21-48

Author(s):

Elena Mazetova

Keyword(s):

Data Protection ◽

Data Transfer ◽

Digital Environment ◽

International Arbitration ◽

Basic Principles ◽

Global Trends ◽

Cross Border ◽

Regulatory Regimes

Recent global trends are producing powerful growth in the digital environment, and its spread is prompting adoption of strict and comprehensive regulation to ensure data protection. This results in a number of difficulties, one of which is lack of consistency between data protection regulation and the regulatory regimes applicable to specific industries and institutions. That inconsistency is particularly evident in the field of international arbitration — one of the most widely used and convenient methods for resolving international disputes. The principles and fundamental concepts that largely define international arbitration, such as autonomy of the parties and confidentiality, have made its use very well accepted and widespread. However, data protection requirements often force the parties that are subject to them to make a difficult choice between the basic principles of international arbitration and the requirements of data protection regulation. This bind has come about because data protection regulation, which generally imposes comprehensive compliance obligations, rarely takes into account the specifics of the industries in which it will be applied. In this article it is analyzing application of the GDPR requirements that pertain to cross-border data transfer from the perspective of international arbitration in order to illustrate difficulties and regulatory gaps that may be encountered by the entities interested in thorough compliance with the applicable regulations.

Download Full-text