Personal Data and Contract Law: Challenges and Concerns about the Economic Exploitation of the Right to Data Protection

2018 ◽  
Vol 14 (4) ◽  
pp. 374-392
Author(s):  
Giuseppe Versaci
Keyword(s):  
Data Protection ◽  
Business Models ◽  
Policy Issue ◽  
Personal Data ◽  
Contract Law ◽  
Related Case ◽  
Economic Exploitation ◽  
Digital Business Models ◽  
The Right ◽  
The Eu

Abstract The so-called ‘free’ digital business models – users are not requested to pay a price, but to disclose personal data – are a very common reality. To tackle this phenomenon, the European Commission’s proposal of Directive on contracts for the supply of digital content used the concept of personal data as counter-performance. This stance proved to be quite problematic. It has been opposed by the European Data Protection Supervisor (EDPS) arguing that it should not be possible to subject the fundamental right to data protection to a commercial transaction. This article dwells upon the economic exploitability of the right to data protection, showing that Article 8 of the EU Charter of fundamental rights and the related case law of the CJEU do not justify the concerns raised by the EDPS. This seems to be confirmed by the fact that the legal traditions of the EU Member States recognize that personality rights can be the object of a contract, although they limit to a certain extent the private autonomy of the parties. Thus, the commodification of personal data – like the commodification of other incorporeal attributes of personality – is not banned. Rather, there is now a policy issue about how to handle the risk of personalized discrimination and the problem of inequality of bargaining power in digital business models based on personal data. In this respect, political decisions should not be too affected by conceptual barriers between data protection law and contract law. In line with this position, the author argues that the economic exploitation of the right to data protection should not be considered a waiver of the same right.

scholarly journals Applicable Law to Transnational Personal Data: Trends and Dynamics

2020 ◽  
Vol 21 (6) ◽  
pp. 1283-1308
Author(s):  
Jie (Jeanne) Huang
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Chinese Media ◽  
Applicable Law ◽  
Personal Data Protection ◽  
Regional Coordination ◽  
The Law ◽  
Model Law ◽  
The Right ◽  
The Eu

AbstractThe recent COVID-19 outbreak has pushed the tension of protecting personal data in a transnational context to an apex. Using a real case where the personal data of an international traveler was illegally released by Chinese media, this Article identifies three trends that have emerged at each stage of conflict-of-laws analysis for lex causae: (1) The EU, the US, and China characterize the right to personal data differently; (2) the spread-out unilateral applicable law approach comes from the fact that all three jurisdictions either consider the law for personal data protection as a mandatory law or adopt connecting factors leading to the law of the forum; and (3) the EU and China strongly advocate deAmericanization of substantive data protection laws. The trends and their dynamics provide valuable implications for developing the choice of laws for transnational personal data. First, this finding informs parties that jurisdiction is a predominant issue in data breach cases because courts and regulators would apply the law of the forum. Second, currently, there is no international treaty or model law on choice-of-law issues for transnational personal data. International harmonization efforts will be a long and difficult journey considering how the trends demonstrate not only the states’ irreconcilable interests but also how states may consider these interests as their fundamental values that they do not want to trade off. Therefore, for states and international organizations, a feasible priority is to achieve regional coordination or interoperation among states with similar values on personal data protection.

scholarly journals The Right to Privacy—A Fundamental Right in Search of Its Identity: Uncovering the CJEU’s Flawed Concept of the Right to Privacy

2019 ◽  
Vol 20 (05) ◽  
pp. 722-733 ◽  
Author(s):  
Valentin M. Pfisterer
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
The Political ◽  
Strong Impact ◽  
Right To Privacy ◽  
Eu Member States ◽  
The Right To Privacy ◽  
The Right ◽  
The Eu

AbstractIn recent years, the CJEU has impressively brought to bear the protection of the fundamental rights to privacy and protection of personal data as contained in the CFREU. The Court’s decisions in the Digital Rights, Schrems, Tele2, and PNR cases have reshaped the political and legal landscape in Europe and beyond. By restricting the powers of the governments of EU Member States and annulling legislative acts enacted by the EU legislator, the decisions had, and continue to have, effects well beyond the respective individual cases. Despite their strong impact on privacy and data protection across Europe, however, these landmark decisions reveal a number of flaws and inconsistencies in the conceptualization of the rights to privacy and protection of personal data as endorsed and interpreted by the CJEU. This Article identifies and discusses some of the shortcomings revealed in the recent CJEU privacy and data protection landmark decisions and proposes to the CJEU a strategy aimed at resolving these shortcomings going forward.

scholarly journals Can the Internet Forget? – Rhe Eight to be Forgotten in the EU Law and its Actual Impact on the Internet. Comparison of the Approaches Towards the Notion and Assessment of its Effectiveness

2020 ◽  
Vol 9 (1) ◽  
pp. 86-101
Author(s):  
Aleksandra Gebuza
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The Internet ◽  
Eu Law ◽  
General Data Protection Regulation ◽  
Actual Impact ◽  
Right To Be Forgotten ◽  
General Data ◽  
The Right ◽  
The Eu

AbstractThe main aim of the article is to provide analysis on the notion of the right to be forgotten developed by the CJEU in the ruling Google v. AEPD & Gonzalez and by the General Data Protection Regulation within the context of the processing of personal data on the Internet. The analysis provides the comparison of approach towards the notion between European and American jurisprudence and doctrine, in order to demonstrate the scale of difficulty in applying the concept in practice.

From universal towards child-specific protection of the right to privacy online: Dilemmas in the EU General Data Protection Regulation

2017 ◽  
Vol 19 (5) ◽  
pp. 765-779 ◽  
Author(s):  
Milda Macenaite
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Best Interests ◽  
Right To Privacy ◽  
General Data Protection Regulation ◽  
Average Child ◽  
The Right To Privacy ◽  
General Data ◽  
The Right ◽  
The Eu

The new European Union (EU) General Data Protection Regulation aims to adapt children’s right to privacy to the ‘digital age’. It explicitly recognizes that children deserve specific protection of their personal data, and introduces additional rights and safeguards for children. This article explores the dilemmas that the introduction of the child-tailored online privacy protection regime creates – the ‘empowerment versus protection’ and the ‘individualized versus average child’ dilemmas. It concludes that by favouring protection over the empowerment of children, the Regulation risks limiting children in their online opportunities, and by relying on the average child criteria, it fails to consider the evolving capacities and best interests of the child.

scholarly journals DECONSTRUCTING DATA PROTECTION: THE ‘ADDED-VALUE’ OF A RIGHT TO DATA PROTECTION IN THE EU LEGAL ORDER

2014 ◽  
Vol 63 (3) ◽  
pp. 569-597 ◽  
Author(s):  
Orla Lynskey
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
Added Value ◽  
The European Union ◽  
Right To Privacy ◽  
The Right To Privacy ◽  
Individual Personality ◽  
The Right ◽  
The Eu

AbstractArticle 8 of the EU Charter of Fundamental Rights sets out a right to data protection which sits alongside, and in addition to, the established right to privacy in the Charter. The Charter's inclusion of an independent right to data protection differentiates it from other international human rights documents which treat data protection as a subset of the right to privacy. Its introduction and its relationship with the established right to privacy merit an explanation. This paper explores the relationship between the rights to data protection and privacy. It demonstrates that, to date, the Court of Justice of the European Union (CJEU) has consistently conflated the two rights. However, based on a comparison between the scope of the two rights as well as the protection they offer to individuals whose personal data are processed, it claims that the two rights are distinct. It argues that the right to data protection provides individuals with more rights over more types of data than the right to privacy. It suggests that the enhanced control over personal data provided by the right to data protection serves two purposes: first, it proactively promotes individual personality rights which are threatened by personal data processing and, second, it reduces the power and information asymmetries between individuals and those who process their data. For these reasons, this paper suggests that there ought to be explicit judicial recognition of the distinction between the two rights.

scholarly journals Tracing Individuals under the EU Regime on Serious, Cross-border Health Threats: An Appraisal of the System of Personal Data Protection

2017 ◽  
Vol 8 (4) ◽  
pp. 700-722 ◽  
Author(s):  
Patrycja DĄBROWSKA-KŁOSIŃSKA
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Integrated Approach ◽  
Border Health ◽  
Health Security ◽  
Personal Data Protection ◽  
Cross Border ◽  
Health Threats ◽  
The Right ◽  
The Eu

AbstractThe article tackles the issue of personal data protection in case of tracing (looking for) individual persons who have been exposed to health risks pursuant to the EU Decision 1082/2013 on Serious, Cross-border Health Threats. This problem exemplifies just one among many challenges of the health-security nexus in the EU. That is, it regards a certain trade-off between the limitation of individual rights and securing populations’ safety. The text appraises the safeguards for the (lawful) limitation of the right to data protection after an in-depth examination of the provisions of the Health Threats Decision, its implementing measures, the reports on its operation, and in light of the general EU data protection laws. In conclusion, it claims that a number of improvements are needed because of the incompleteness, and the insufficient coherence and transparency of the EU regime for health threats. The established shortcomings are, at least in part, caused by the new EU “integrated approach” to health and security. In effect, an overall philosophy of reforms of public health policy in the name of “all-hazards security” applied in the Health Threats Decision can result in a reduction of the adequate level of protection of individuals’ personal data.

scholarly journals COVID-19 and Applicable Law to Transnational Personal Data: Trends and Dynamics

2021 ◽  
Author(s):  
Jie Huang
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Chinese Media ◽  
Applicable Law ◽  
Personal Data Protection ◽  
Regional Coordination ◽  
The Law ◽  
Model Law ◽  
The Right ◽  
The Eu

The recent COVID-19 outbreak has pushed the tension of protecting personal data in a transnational context to an apex. Using a real case where the personal data of an international traveller was illegally released by Chinese media, the paper identifies that three trends have emerged at the each stage of conflict-of-laws analysis for lex causae: (1) the EU, the US, and China characterize the right to personal data differently, (2) the spread-out unilateral applicable law approach comes from the fact that all three jurisdictions either consider the law for personal data protection as a mandatory law or adopt connecting factors leading to the law of the forum, and (3) the EU and China strongly advocate de-Americanisation of substantive data protection laws. The trends and their dynamics provide valuable implications for developing the choice of laws for transnational personal data. First, this finding informs parties that jurisdiction is a predominant issue in data breach cases because courts and regulators would apply the forum law. Second, currently there is no international treaty or model law on choice-of-law issues for transnational personal data. International harmonization efforts will be a long and difficult journey considering how the trends demonstrate not only the states’ irreconcilable interests, but also how states may consider these interests as their fundamental values that they do not want to trade off. Therefore, for states and international organisations, a feasible priority is to achieve regional coordination or interoperation among states with similar values on personal data protection.

scholarly journals The protection of customer personal data as an element of entrepreneurs’ ethical conduct

2018 ◽  
Vol 21 (7) ◽  
pp. 27-44
Author(s):  
Ewa Kulesza
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Business Practices ◽  
Process Data ◽  
Member States ◽  
Eu Member States ◽  
Eu Directive ◽  
The Law ◽  
The Right ◽  
The Eu

The right to the protection of personal data, which is part of the right to privacy, is a fundamental human right. Thus, its guarantees were included in the high-level regulations of the European Union as well as the legal norms of the EU Member States. The first Polish law regulating the protection of personal data was adopted in 1997 as the implementation of EU Directive 95/46. The law imposed a number of obligations on public and private entities which process personal data in order to protect the rights of data subjects and, in particular, to guarantee them the ability to control the correctness of processing of their personal data. Therefore, the law obliged data controllers to process data only on the basis of the premises indicated in the legislation, to adequately secure data, and to comply with the disclosure obligation concerning data subjects, including their right to correct false or outdated data or to request removal of data processed in violation of the law. However, as complaints directed by citizens to the supervisory body—the Inspector General for Personal Data Protection—showed, personal data controllers, especially those operating in the private sector, did not comply with the law, acting in a manner that violated their customers’ rights. In the hitherto existing unfair business practices of entrepreneurs, the violations of the data protection provisions that were the most burdensome for customers were related to preventing them from exercising their rights, including the right to control the processing of data, as well as the failure to provide the controller’s business address, which made it impossible for subjects whose data were used in violation of the law or for the inspecting authorities to contact the company, a lack of data security and a failure to follow the procedures required by law, the failure to secure documents containing personal data or their abandonment, a lack of updating customer data, the use of unverified data sets and sending marketing offers to deceased people or incorrect target recipients, and excessive amounts of data requested by controllers. The violations of the rights of data subjects recorded in Poland and other EU Member States—among other arguments—provided inspiration for the preparation of a new legal act in the form of the EU General Data Protection Regulation (GDPR) (which entered into force on 25 May 2018). The extension of the rights of people whose data are processed was combined in the GDPR with the introduction of new legal instruments disciplining data controllers. Instruments in the form of administrative fines and the strongly emphasised possibility to demand compensation for a violation of the right to data protection were directed in particular against economic entities violating the law.

scholarly journals Toward Compatibility of the EU Trade Policy with the General Data Protection Regulation

AJIL Unbound ◽  
2020 ◽  
Vol 114 ◽  
pp. 10-14
Author(s):  
Svetlana Yakovleva ◽  
Kristina Irion
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
General Data Protection Regulation ◽  
Cross Border ◽  
Charter Of Fundamental Rights ◽  
Strong Position ◽  
General Data ◽  
The Right ◽  
The Eu

The European Union's (EU) negotiating position on cross-border data flows, which the EU has recently included in its proposal for the World Trade Organization (WTO) talks on e-commerce, not only enshrines the protection of privacy and personal data as fundamental rights, but also creates a broad exception for a Member's restrictions on cross-border transfers of personal data. This essay argues that maintaining such a strong position in trade negotiations is essential for the EU to preserve the internal compatibility of its legal system when it comes to the right to protection of personal data under the EU Charter of Fundamental Rights (EU Charter) and the recently adopted General Data Protection Regulation (GDPR).

Sign in / Sign up

Export Citation Format

Share Document