The practice of imposing administrative fines by the State Data Protection Inspectorate in the context of other EU Member States

The implementation of the EU General Data Protection Regulation (hereinafter referred to as the Regulation), which, among other things, aims to eliminate disparities between national systems and to alleviate unnecessary administrative burdens, began on 25 May 2018. Each Member State is to ensure that there is one or more independent public authorities (hereinafter referred to as the supervisory authority) responsible for monitoring the implementation of the Regulation. In Lithuania, personal data protection is supervised by two authorities, namely by the State Data Protection Inspectorate (hereinafter referred to as the SDPI) and by the Office of the Inspector of Journalist Ethics. The powers conferred on the supervisory authorities by the Regulation are greater and broader in scope than those granted under previous data protection legislation. Organizations which process personal data must ensure compliance with the requirements laid down in the Regulation. A supervisory authority that violates the provisions of the Regulation may be faced with heavy administrative fines and other sanctions. This article analyzes the practice of imposing administrative fines in the EU and in Lithuania as compared to other EU Member States. The author of the article believes that evaluating the practice of imposing administrative fines by the SDPI within the general context of the EU shall enable one to search for the reasons behind the current situation, as well as to improve the processes the SDPI employs to perform functions associated with data protection supervision. The article uses generalization and comparative analysis of scientific literature, legal documents and statistical data.

Download Full-text

The EU General Data Protection Regulation: How will it impact the regulation of research biobanks? Setting the legal frame in the Mediterranean and Eastern European area

Medical Law International ◽

10.1177/0968533218765044 ◽

2018 ◽

Vol 18 (4) ◽

pp. 241-255 ◽

Cited By ~ 2

Author(s):

Simone Penasa ◽

Iñigo de Miguel Beriain ◽

Carla Barbosa ◽

Anna Białek ◽

Theodora Chortara ◽

...

Keyword(s):

Data Protection ◽

Personal Data ◽

Eastern European ◽

Member States ◽

General Data Protection Regulation ◽

Eu Member States ◽

European Area ◽

General Data ◽

The Mediterranean ◽

The Eu

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force. As with the Data Protection Directive (95/46/EC), the regulation of biobanks for scientific research will be profoundly affected by this reform. Accordingly, a comparative survey of some of the existing national regulatory frameworks is of value to aid understanding of whether and how EU Member States will need to realign their systems to ensure compliance with the new Regulation. This article provides a comparison of the positions of Member States in the Mediterranean and Eastern European area, focusing especially on the existing regulatory framework on biobanks, the definition of personal and genetic data, the pseudonymization process, the processing of personal data for medical research purposes (and its impact on the right to consent of the individuals involved) and the secondary use of such data. The article concludes that effective implementation of the EU GDPR will represent a decisive catalyst for adaptive harmonization of biobanks regulation in the European framework.

Download Full-text

GEOGRAPHIC DATA AS PERSONAL DATA IN FOUR EU MEMBER STATES

ISPRS Annals of Photogrammetry Remote Sensing and Spatial Information Sciences ◽

10.5194/isprs-annals-iii-2-151-2016 ◽

2016 ◽

Vol III-2 ◽

pp. 151-157 ◽

Cited By ~ 1

Author(s):

A. J. de Jong ◽

B. van Loenen ◽

J. A. Zevenbergen

Keyword(s):

Data Protection ◽

Large Scale ◽

Personal Data ◽

Topographic Maps ◽

Member States ◽

Eu Member States ◽

Eu Directive ◽

Geographic Data ◽

Protection Legislation ◽

The Eu

The EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data aims at harmonising data protection legislation in the European Union. This should promote the free flow of products and services within the EU. This research found a wide variety of interpretations of the application of data protection legislation to geographic data. The variety was found among the different EU Member States, the different stakeholders and the different types of geographic data. In the Netherlands, the Data Protection Authority (DPA) states that panoramic images of streets are considered personal data. While Dutch case law judges that the data protection legislation does not apply if certain features are blurred and no link to an address is provided. The topographic datasets studied in the case studies do not contain personal data, according to the Dutch DPA, while the German DPA and the Belgian DPA judge that topographic maps of a large scale can contain personal data, and impose conditions on the processing of topographic maps. The UK DPA does consider this data outside of the scope of legal definition of personal data. The patchwork of differences in data protection legislation can be harmonised by using a traffic light model. This model focuses on the context in which the processing of the data takes place and has four categories of data: (1) sensitive personal data, (2) personal data, (3), data that can possibly lead to identification, and (4) non-personal data. For some geographic data, for example factual data that does not reveal sensitive information about a person, can be categorised in the third category giving room to opening up data under the INSPIRE Directive.

Download Full-text

GEOGRAPHIC DATA AS PERSONAL DATA IN FOUR EU MEMBER STATES

ISPRS Annals of Photogrammetry Remote Sensing and Spatial Information Sciences ◽

10.5194/isprsannals-iii-2-151-2016 ◽

2016 ◽

Vol III-2 ◽

pp. 151-157

Author(s):

A. J. de Jong ◽

B. van Loenen ◽

J. A. Zevenbergen

Keyword(s):

Data Protection ◽

Large Scale ◽

Personal Data ◽

Topographic Maps ◽

Member States ◽

Eu Member States ◽

Eu Directive ◽

Geographic Data ◽

Protection Legislation ◽

The Eu

Download Full-text

The protection of customer personal data as an element of entrepreneurs’ ethical conduct

Annales Etyka w życiu gospodarczym ◽

10.18778/1899-2226.21.7.02 ◽

2018 ◽

Vol 21 (7) ◽

pp. 27-44

Author(s):

Ewa Kulesza

Keyword(s):

Data Protection ◽

Personal Data ◽

Business Practices ◽

Process Data ◽

Member States ◽

Eu Member States ◽

Eu Directive ◽

The Law ◽

The Right ◽

The Eu

The right to the protection of personal data, which is part of the right to privacy, is a fundamental human right. Thus, its guarantees were included in the high-level regulations of the European Union as well as the legal norms of the EU Member States. The first Polish law regulating the protection of personal data was adopted in 1997 as the implementation of EU Directive 95/46. The law imposed a number of obligations on public and private entities which process personal data in order to protect the rights of data subjects and, in particular, to guarantee them the ability to control the correctness of processing of their personal data. Therefore, the law obliged data controllers to process data only on the basis of the premises indicated in the legislation, to adequately secure data, and to comply with the disclosure obligation concerning data subjects, including their right to correct false or outdated data or to request removal of data processed in violation of the law. However, as complaints directed by citizens to the supervisory body—the Inspector General for Personal Data Protection—showed, personal data controllers, especially those operating in the private sector, did not comply with the law, acting in a manner that violated their customers’ rights. In the hitherto existing unfair business practices of entrepreneurs, the violations of the data protection provisions that were the most burdensome for customers were related to preventing them from exercising their rights, including the right to control the processing of data, as well as the failure to provide the controller’s business address, which made it impossible for subjects whose data were used in violation of the law or for the inspecting authorities to contact the company, a lack of data security and a failure to follow the procedures required by law, the failure to secure documents containing personal data or their abandonment, a lack of updating customer data, the use of unverified data sets and sending marketing offers to deceased people or incorrect target recipients, and excessive amounts of data requested by controllers. The violations of the rights of data subjects recorded in Poland and other EU Member States—among other arguments—provided inspiration for the preparation of a new legal act in the form of the EU General Data Protection Regulation (GDPR) (which entered into force on 25 May 2018). The extension of the rights of people whose data are processed was combined in the GDPR with the introduction of new legal instruments disciplining data controllers. Instruments in the form of administrative fines and the strongly emphasised possibility to demand compensation for a violation of the right to data protection were directed in particular against economic entities violating the law.

Download Full-text

Article 50 International cooperation for the protection of personal data

The EU General Data Protection Regulation (GDPR) ◽

10.1093/oso/9780198826491.003.0090 ◽

2020 ◽

Author(s):

Christopher Kuner

Keyword(s):

International Cooperation ◽

Data Protection ◽

Personal Data ◽

Member States ◽

Eu Member States ◽

Protection Legislation ◽

Access Information ◽

Article 50 ◽

The Eu

Recital 6; Article 15(1)(c) (Right to access information about data recipients in third countries); Articles 70(1)(v) and (w) (Board’s tasks to facilitate exchanges with supervisory authorities in third countries and exchanges of knowledge on data protection legislation with supervisory authorities worldwide); Article 96 (Relationship with previously concluded agreements of the EU Member States).

Download Full-text

The EU General Data Protection Regulation (GDPR)

10.1093/oso/9780198826491.001.0001 ◽

2020 ◽

Cited By ~ 1

Keyword(s):

Data Protection ◽

Personal Data ◽

Privacy Regulation ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Ongoing Work ◽

Protection Legislation ◽

Recent Reform ◽

General Data ◽

The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

Download Full-text

Features of transformation of legal entities in the conditions of Brexit

Yearly journal of scientific articles “Pravova derzhava” ◽

10.33663/0869-2491-2021-32-531-538 ◽

2021 ◽

pp. 531-538

Author(s):

Olha Ovechkina

Keyword(s):

United Kingdom ◽

The State ◽

Member States ◽

Eu Member States ◽

The United Kingdom ◽

The Status ◽

The Uk ◽

Actual Location ◽

The Eu ◽

Legal Entities

In connection with the decision to withdraw the UK from the EU a number of companies will need to take into account that from 1 January 2021 EU law will no longer apply to the United Kingdom and will become a "third country" for EU Member States, unless the provisions of bilateral agreements or multilateral trade agreements. This means that the four European freedoms (movement of goods, services, labor and capital) will no longer apply to UK companies to the same extent as they did during the UK's EU membership. The purpose of the article is to study, first of all, the peculiarities of the influence of Great Britain's withdrawal from the European Union on the legal regulation of the status of European legal entities. Brexit results in the inability to register European companies and European economic interest groups in the UK. Such companies already registered before 01.01.2021 have the opportunity to move their place of registration to an EU Member State. These provisions are defined in Regulations 2018 (2018/1298) and Regulations 2018 (2018/1299).British companies with branches in EU Member States will now be subject to the rules applicable to third-country companies, which provide additional information on their activities. In the EU, many countries apply the criterion of actual location, which causes, among other things, the problem of non-recognition of legal entities established in the country where the criterion of incorporation is used (including the United Kingdom), at the same time as the governing bodies of such legal entities the state where the settlement criterion is applied. Therefore, to reduce the likelihood of possible non-recognition of British companies, given the location of the board of such a legal entity in the state where the residency criterion applies, it seems appropriate to consider reincarnation at the actual location of such a company. Reducing the risks of these negative consequences in connection with Brexit on cross-border activities of legal entities is possible by concluding interstate bilateral and multilateral agreements that would contain unified rules on conflict of law regulation of the status of legal entities.

Download Full-text

Difference of application of VAT in EU member states during the supply of goods including installation

Acta Universitatis Agriculturae et Silviculturae Mendelianae Brunensis ◽

10.11118/actaun200856030047 ◽

2008 ◽

Vol 56 (3) ◽

pp. 47-56

Author(s):

Petr David ◽

Danuše Nerudová

Keyword(s):

Czech Republic ◽

Member State ◽

Scientific Work ◽

The State ◽

Member States ◽

Standard Methods ◽

Eu Countries ◽

Eu Member States ◽

The Eu

There still exist the differences in provision of VAT, in interpretation of VAT provisions and application of the rules in practice between the EU member states. Application of VAT during the supply of goods with installation to other EU member state, both during the existence of establishment in the state of customer and also without it, is considered to be one from the problematic field. Other discrepancies are created by inclusion of the sub suppliers, who can come from other EU member state or from the same state as customer, to this transaction. Questions of VAT application during the supply of goods with installation to other EU member state were processed by using standard methods of scientific work in the frame of five selected EU countries – Hungary, Poland, Romania, Slovakia and Czech Republic.

Download Full-text

The Development of European Data Protection Law and Regulation

European Data Protection Regulation, Journalism, and Traditional Publishers ◽

10.1093/oso/9780198841982.003.0003 ◽

2019 ◽

pp. 35-54

Author(s):

David Erdos

Keyword(s):

Data Protection ◽

Legal Status ◽

Personal Data ◽

Working Party ◽

Advisory Council ◽

Human Right ◽

General Data Protection Regulation ◽

European Data ◽

Regulatory Data ◽

The Eu

This chapter explores the development of European data protection, both as a codified form of regulation and as a human right, from its inception to the present day. In contrast to more ʻclassicalʼ rights, such as freedom of expression and even privacy, data protection only emerged as a discrete concept with the rise of computer power in the 1970s. The focus in Europe from this time has been on elaborating a progressively more detailed and harmonized regulatory code to govern the processing of personal data across the EU and wider European Economic Area (EEA). Advisory Council of Europe Resolutions in the 1970s led to a binding but optional Data Protection Convention in the 1980s, to a mandatory Data Protection Directive in the 1990s, and finally to a General Data Protection Regulation (GDPR) in the 2010s which is directly applicable across the EU. In addition, data protection has increasingly been recognized as a fundamental right and, in particular, was included within the EU Charter that was drafted in 2000 and acquired pan-EU legal status in 2009. These developments have dovetailed with the emergence of a significant body of relevant Court of Justice of the EU (CJEU) jurisprudence. However, the regulatory Data Protection Authorities (DPAs) also remain critical interpretative actors and have issued a number of important opinions including through the Article 29 Working Party that under the GDPR has become the European Data Protection Board.

Download Full-text

The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽

10.1017/aju.2019.80 ◽

2020 ◽

Vol 114 ◽

pp. 5-9 ◽

Cited By ~ 2

Author(s):

Cedric Ryngaert ◽

Mistale Taylor

Keyword(s):

International Law ◽

Data Protection ◽

Personal Data ◽

Fundamental Rights ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Protection Legislation ◽

General Data ◽

Global Data ◽

The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

Download Full-text