The Role of Consent in Legitimising the Processing of Personal Data under the current EU Data Protection Framework

doi:10.15520/ajcsit.v7i4.67

Contributions of the Brazilian Act for the Protection of Personal Data for treating Digital Legacy

Journal on Interactive Systems ◽

10.5753/jis.2021.1654 ◽

2021 ◽

Vol 12 (1) ◽

pp. 112-124

Author(s):

Flávia R. Beppu ◽

Cristiano Maciel ◽

José Viterbo

Keyword(s):

Literature Review ◽

Legal System ◽

Data Protection ◽

Personal Data ◽

Post Mortem ◽

Internet Applications ◽

Constitutional Order ◽

Digital Assets

In this article, we analyze how the Brazilian Act for the Protection of Personal Data --- Lei Geral de Proteção de Dados Pessoais (LGPD) in Portuguese --- can contribute to handling some situations involving post-mortem digital legacy. For that purpose, we investigate some aspects of this act that can concur with the development of software and internet applications that cope with users’ digital assets. We analyzed the role of LGPD in the Brazilian legal system. The research was carried out based on a literature review and on the analysis of the relevant legislation and some bills proposed to regulate the matter. In line with the national constitutional order, the results point to the possibility of applying the principles and foundations of the data protection act as an axiological matrix for the treatment of the existing digital legacy.

Download Full-text

Personal Data Protection in Russia

The Palgrave Handbook of Digital Russia Studies ◽

10.1007/978-3-030-42855-6_6 ◽

2020 ◽

pp. 95-113

Author(s):

Alexander Gurkov

Keyword(s):

Data Protection ◽

Personal Data ◽

Legal Framework ◽

Fundamental Rights ◽

Special Role ◽

State Control ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

General Data

AbstractThis chapter considers the legal framework of data protection in Russia. The adoption of the Yarovaya laws, data localization requirement, and enactment of sovereign Runet regulations allowing for isolation of the internet in Russia paint a grim representation of state control over data flows in Russia. Upon closer examination, it can be seen that the development of data protection in Russia follows many of the steps taken at the EU level, although some EU measures violated fundamental rights and were invalidated. Specific rules in this sphere in Russia are similar to the European General Data Protection Regulation. This chapter shows the special role of Roskomnadzor in forming data protection regulations by construing vaguely defined rules of legislation.

Download Full-text

The Digital tax system in the light of GDPR

Bratislava Law Review ◽

10.46282/blr.2018.2.2.120 ◽

2018 ◽

Vol 2 (2) ◽

pp. 183-190

Author(s):

Martin Daňko ◽

Petra Žárská

Keyword(s):

Data Protection ◽

Crucial Role ◽

Personal Data ◽

Modern World ◽

Tax System ◽

General Data Protection Regulation ◽

Eu Member States ◽

State Administration ◽

General Data

The digital tax system is becoming extremely essential in the modern world. As we look at the system itself as a great benefit for its users and states as well, we tend to forget the role of personal data within it. Personal data play crucial role in the errorless digital tax system. The new regulation of EU, General Data Protection Regulation is addressing processing of personal data within the state administration of EU member states. The aim of this article is to examine the effect of GDPR on the digital tax system and encourage wide academic and public discussion in relation to processing of personal data in the digital tax system.

Download Full-text

Personal data protection and access to information: interfaces of Civil Society role in Brazilian legislative process

Unio - EU Law Journal ◽

10.21814/unio.7.1.3394 ◽

2021 ◽

Vol 7 (1) ◽

pp. 50-66

Author(s):

Ana Claudia Farranha Santana ◽

Murilo Borsio Bataglia ◽

Amanda Nunes Lopes Espiñeira Lemos

Keyword(s):

Civil Society ◽

Data Protection ◽

Personal Data ◽

Legislative Process ◽

Access To Information ◽

Personal Data Protection ◽

Public Hearings ◽

Information Law ◽

The Relationship

The relationship between access to information and personal data protection leads to the relativization of transparency under the argument of a false tradeoff between these two concepts. Based on that, this study’s objective is to understand the role of civil society movements in maintaining the rights of access to information and personal data protection. This research made a qualitative analysis, with a documentary survey and bibliographic review of the main categories presented in the Executive-Legislative relationship and in the theme of advocacy. We observe the role of civil society lobby groups in the Brazilian Access to Information Law legislative process, between 2003 and 2011, and the Brazilian Data Protection Act, between 2012 and 2018, perceive the change of these groups with the foundation of Rights in Network Coalition, in 2016. As a result, the active participation of Civil Society in public hearings has intensified increasingly in public hearings since 2018, specifically on the LGPD, while LAI had participation of civil society in the body’s scope institutionalized.

Download Full-text

PERSONAL DATA PROTECTION IN GENERAL ADMINISTRATIVE PROCEEDINGS

Roczniki Administracji i Prawa ◽

10.5604/01.3001.0013.1791 ◽

2018 ◽

Vol 2 (XVIII) ◽

pp. 199-213

Author(s):

Agnieszka Kręcisz-Sarna

Keyword(s):

Data Protection ◽

Personal Data ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

General Data ◽

Administrative Proceedings

This article aims to draw attention to the duties of personal data protection in general administrative proceedings in the context of the General Data Protection Regulation, which came into force on 25 May 2018. It depicts the subjective, the objective, as well as the territorial scope of the application of GDPR, subsequently referring it to certain procedural steps taken in the course of administrative proceedings. Moreover, deliberations concerning the processing of personal data which takes place within the scope of administrative proceedings, as well as the role of the parties in such proceedings have been presented.

Download Full-text

PENYALAHGUNAAN DATA PRIBADI SEBAGAI BENTUK KEJAHATAN SEMPURNA DALAM PERSPEKTIF HUKUM SIBER

SASI ◽

10.47268/sasi.v27i1.394 ◽

2021 ◽

Vol 27 (1) ◽

pp. 38

Author(s):

Sahat Maruli Tua Situmeang

Keyword(s):

Data Protection ◽

Personal Data ◽

Legal Protection ◽

Law Reform ◽

Deterrent Effect ◽

Legal Certainty ◽

The Public ◽

Personal Data Protection ◽

Criminal Sanctions

This study aims to determine the regulations regarding the legal protection of the use of personal data in an effort to provide legal certainty to the public and the role of law enforcers in preventing criminal acts of misuse of personal data in the future from the perspective of criminal law reform through normative juridical research methods. Based on the results of the research, it shows that in order to create legal certainty, it is necessary to establish a law that regulates specifically, clearly, structured and comprehensively regarding the protection of personal data and harmonizes existing laws and regulations governing personal data protection as well as clear mechanisms related to coordination between enforcers. law. In this regard, the researcher proposes that there should be the formation of norms regulating criminal sanctions in their enforcement as a deterrent effect as well as reconstruction and reformulation of norms in the regulations regarding personal data protection that are currently in effect.

Download Full-text

THE ROLE OF INTERNAL AUDIT IN REDUCING RISK RELATED TO PERSONAL DATA PROTECTION FOLLOWING GDPR IMPLEMENTATION

Prace Naukowe Uniwersytetu Ekonomicznego we Wrocławiu ◽

10.15611/pn.2018.521.07 ◽

2018 ◽

pp. 69-78

Author(s):

Marek Jasztal

Keyword(s):

Data Protection ◽

Personal Data ◽

Internal Audit ◽

Personal Data Protection

Download Full-text

Ocena skutków dla ochrony danych

Studia Prawa Publicznego ◽

10.14746/spp.2020.2.30.6 ◽

2020 ◽

pp. 161-180

Author(s):

Aleksandra Pyka

Keyword(s):

Data Processing ◽

Impact Assessment ◽

Data Protection ◽

Personal Data ◽

Supervisory Authority ◽

Legal Provisions ◽

The Impact ◽

General Regulation ◽

The Eu

This article deals with the issue of impact assessment for the protection of personal data. This is a new obligation for the controller. The article presents the essence of impact assessment (DPIA), exclusion from the obligation to carry it out, the prerequisite for mandatory DPIA, the role of the data protection officer and the powers of the supervisory authority. The analysis of legal provisions related to the impact assessment presented here does not refer to specific situations, due to the wide scope for interpreting specific phrases contained in the General Regulation. Nevertheless, the article discusses the issue of conducting data protection impact assessments as one of the most problematic obligations incumbent on the controller, who in practice raises many doubts. The DPIA has been imprecisely regulated by the EU legislator, thus leaving controllers plenty of leeway to interpret the terms used in the General Regulation. In addition, carrying out a DPIA in practice (as a new obligation on entities setting the purposes and means of data processing) can be problematic due to the lack of harmonized methods for conducting a data protection impact assessment. However, controllers cannot assign DPIA implementation to other entities involved in data processing, such as an entity processing personal data on behalf of another. Entities setting the purposes and methods of data processing should not only take into account the provisions of the General Regulation but also a list of data processing operations that are obligatorily subject to DPIA. Controllers fulfilling the obligation to carry out a data protection impact assessment will be obliged by the supervisory authority to demonstrate how to carry out a data protection impact assessment.

Download Full-text

23. Data protection: rights and obligations

Information Technology Law ◽

10.1093/he/9780198804727.003.0023 ◽

2019 ◽

pp. 595-619

Author(s):

Andrew Murray

Keyword(s):

Data Protection ◽

Financial Services ◽

Personal Data ◽

General Data Protection Regulation ◽

Role Of The State ◽

General Data ◽

The Right ◽

Access Right ◽

Data Subject

This chapter examines the rights of data subjects under GDPR and the role of the state in supervising data controllers. It examines data subject rights, including the subject access right and the right to correct and manage personal data. It deals with the development of the so-called Right to be Forgotten and the Mario Costeja González case. It examines the current supervisory regime, including the role of the Information Commissioner’s Office and the enforcement rights of data subjects. Key cases, including Durant v The Financial Services Authority, Edem v IC & Financial Services Authority, Dawson-Damer v Taylor Wessing, and Ittihadieh v 5–11 Cheyne Gardens are discussed, and the chapter concludes by examining the enhanced enforcement rights awarded to the Information Commissioner’s Office by the General Data Protection Regulation in 2018.

Download Full-text

THE ROLE OF THE DATA PROTECTION OFFICER IN THE ORGANIZATION’S STRUCTURE

Roczniki Administracji i Prawa ◽

10.5604/01.3001.0013.3602 ◽

2019 ◽

Vol 1 (XIX) ◽

pp. 295-310

Author(s):

Weronika Kupny

Keyword(s):

Data Protection ◽

Personal Data ◽

Main Task ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

Legal Situation ◽

General Data ◽

Expert Support ◽

External Consultant

Entry into force of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ EC (General Data Protection Regulation) significantly changed the legal situation of information security administrators. The new institution is a data protection officer. The provisions of the regulation not only changed the name but also the requirements for the person who will perform it in the organization. The main task of the DPO is to provide expert support to the controller and the processor and to monitor compliance with the provisions on personal data protection in cooperation with the supervisory authorities. The importance of the DPO’s function has been strongly emphasized in recital 97 of the preamble to the GDPR. This means that the data protection officer is the person responsible for acting in accordance with the data processing regulations. The independence of DPO is guarantee by its correct placement in the structure of the controller’s organization. As regards the employment of a DPO, the legislator left employers a large dose of freedom. Acquiring specialists dealing in the personal data protection in the company is possible by selecting several options. We can deal with the employment of a stationary specialist or an external consultant. Due to the very wide competence of the DPO, the legislator also provided for the possibility of commissioning the inspector’s tasks to a group of people or a department or an external company.

Download Full-text