PERSONAL DATA PROTECTION AND RESEARCH ACTIVITIES: EU LEGAL REGULATION EXPERIENCE

Research Activities ◽

Special Rules ◽

Biometric Information

Legal regulation of the use of personal data is essential in ensuring the quality of scientific research. Regulation of the European Parliament and of the Council of the European Union No. 2016/679 of April 27, 2016 «On the protection of natural persons with regard to the processing of personal data and on the free movement of such data», repealing Directive 95/46/EC, aims to unify the standards governing the protection of human rights to privacy, certain conditions beyond. This novel, introduced by the Regulation in the EU legal framework, complements and updates the acquis communautaire achieved within the framework of Directive 95/46/EC on personal data protection. The Regulation establishes both general rules applicable to any type of personal data processing and special rules applicable to the analysis of certain categories of personal data, such as information obtained during clinical trials. This paper provides an overview of new standards (in force since May 2018) that regulate aspects of personal data processing in the context of research activities (personal health data, genetic, biometric information, etc.)

ESTUDO SOBRE A REALIZAÇÃO DO DIREITO DA PROTECÇÃO DE DADOS PESSOAIS ATRAVÉS DA JURISPRUDÊNCIA DO TRIBUNAL DE JUSTIÇA DA UNIÃO EUROPEIA

Dereito revista xurídica da Universidade de Santiago de Compostela ◽

10.15304/dereito.29.1.6519 ◽

2020 ◽

Vol 29 (1) ◽

Author(s):

Rita De Sousa Costa

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Case Law ◽

Legal Framework ◽

The European Union ◽

Court Of Justice ◽

European Data ◽

Data Protection Law

[PT]No presente texto, apresentamos as grandes linhas de aplicação do direito europeu da protecção de dados conforme gizadas pela jurisprudência do TJUE, com o objectivo de demonstrar como e em que medida este Tribunal modelou – e continua a modelar – o quadro jurídico em vigor, na certeza de que aquela jurisprudência impõe um conjunto de desafios determinantes para a realização material do direito europeu da protecção de dados pessoais. [ESP]Este texto presenta las líneas generales de la aplicación de la legislación europea de protección de datos tal como se establece en la jurisprudencia del TJUE, con el objetivo de demostrar cómo y en qué medida este Tribunal ha configurado -y sigue configurando- el marco jurídico vigente, con la certeza de que la dicha jurisprudencia plantea una serie de retos cruciales para la aplicación material del derecho europeo de la protección de datos personales. [ENG]This text outlines the implementation of the European data protection law as laid down in the case-law of the Court of Justice of the European Union, with the aim of demonstrating how and to what extent the Court has shaped – and continues to shape – the current legal framework. The case-law analysed points out a plethora of challenges which are key to the implementation of the European personal data protection law.

On the Legal Consequences of Brexit (on the example of personal data protection)

Contemporary Europe ◽

10.15211/soveurope520214555 ◽

2021 ◽

Vol 105 (5) ◽

pp. 45-55

Author(s):

Mark Entin ◽

◽

Dmitriy Galushko ◽

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Legal Regulation ◽

Legal Aspects ◽

The European Union ◽

Cooperation Agreement ◽

National Regulation ◽

Legal Consequences

The article explores the legal consequences of the UK's withdrawal from the European Union. The scope of personal data protection was taken as an example. The purpose of the article is to study and analyze the legal aspects of the termination of the UK's membership in the European Union, its impact on the cross-border transfer of personal data between the parties, as well as the development of legal regulation in this area. The article shows that, despite the signing of the Withdrawal Agreement, as well as the Trade and Cooperation Agreement, there is a complication of legal regulation, as well as the emergence of potential contradictions and threats to the interests of interested parties. The sphere of personal data protection clearly demonstrates that despite the desire for the sovereignization of legal regulation on the part of the UK, its legal system remains dependent on the legal order of the European Union. The UK's national regulation on personal data will be under constant monitoring by the competent EU authorities, which indirectly confirms the failure to achieve the goals of the full return of the UK's delegated sovereign powers. It is concluded that the EU Court of Justice still retains its jurisdiction over the United Kingdom, in particular, in connection with possibility to challenge decisions on adequacy, as well as through the adoption of its own practice on issues related to personal data protection.

Developing The Personal Data Protection In The European Union: A Consumer-Oriented Approach The Romanian Experience

Review of Business Information Systems (RBIS) ◽

10.19030/rbis.v12i1.4398 ◽

2008 ◽

Vol 12 (1) ◽

pp. 63-74

Author(s):

Calin Veghes

Keyword(s):

European Union ◽

Data Protection ◽

Direct Marketing ◽

Personal Data ◽

Legal Framework ◽

Public Institutions ◽

Legal Rights ◽

The European Union ◽

Laws And Regulations

Protection of personal data represents a relatively recent concern for all the entities consumers, organizations and public institutions involved in the development of the direct marketing industry and the overall Romanian market. Noteworthy growth of the direct marketing campaigns, increase in the consumer demands and expectations and the background provided by the countrys adhesion to the European Union, have determined a strong necessity to build up a legal framework for protection of the personal data. Important steps have been made when laws no. 677 (on the protection of the personal data in terms of their processing and free circulation - 2001), no. 506 (on the processing of personal data and protection of privacy in the electronic communications sector - 2004) and no. 102 (regarding the setting up, organization and functioning of the National Supervisory Authority for Personal Data Processing - 2005) have been issued. Adoption of the Directive no. 95/46/EC has connected Romanian and European Union legal framework of the personal data protection. Enforcement of the existing legal background has revealed several problems that have affected activities conducted mainly by the direct marketing and marketing research companies. Relatively unclear definition of the content of personal data to be protected appeared to be one of the most important. From this point, at least the following questions should be answered:what is the specific meaning of the personal data? What data is personal and must be protected through dedicated laws and regulations?are public initiatives best ways and public institutions sole entities to handle the development of an effective legal background for the personal data protection?how important is the voice of the consumers in the process of development of a regulatory environment in this area? Should those to be protected represent the main source of initiating and building the related legal framework?An exploratory survey on a sample including 96 Romanian urban consumers aged 18 to 45 has been conducted aiming to provide information on the: importance of the data protection for the consumers, main characteristics of the data protection legal environment (area of protection, public-private, respectively national-international relationships in terms of the data protection, need for national or international laws and regulations), content of the personal data to be protected by a more precisely defined object of the law, consumer preferences regarding the opt-in and opt-out mechanisms, knowledge associated to the legal rights of consumers related to the personal data protection as they are granted through the existing law, major risks associated with the absence or improper personal data protection mechanisms, consumers exposure to the personal communication media, preferences for personal sources of information and perceived importance of personalization as potential factors to be considered for the development of the personal data protection legal framework, opportunity to develop and implement a Robinson list.Results of the survey may serve as a starting point for a future research conducted at the level of a national representative sample and the Romanian experience may be considered for the upcoming effort to develop a legal framework of the personal data protection in the European Union based on the consumers views, needs and expectations.

DEVELOPMENT OF THE PERSONAL DATA PROTECTION FRAMEWORK – WILL THE PANDEMIC BRING NEW CHANGES?

Acta Prosperitatis ◽

10.37804/1691-6077-2021-12-59-66 ◽

2021 ◽

Vol 12 ◽

pp. 59-66

Author(s):

Marta Mackeviča ◽

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Legal Framework ◽

Point Of View ◽

The European Union ◽

Personal Privacy ◽

Complex Concept ◽

Personal Data Protection

The General Data Protection Regulation (hereinafter – the Regulation), which entered into force on 25 May 2018 and introduced a new legal framework for the protection of personal data in the European Union, also included a number of new rights, more precise definitions and improvements in the field of personal data protection. The three‐year period has shown that the Regulation has successfully replaced Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement ofsuch data, but the Covid‐19 pandemic posed the question: does the Regulation sufficiently define and explain how controllers should deal with the processing of sensitive data, or in situations where employees of companies and institutions work remotely? Data protection is a complex concept that can be analyzed from both a legal and a social point of view. Traditionally, data protection has been referred to as the protection of personal privacy in the context of processes involving the use of personal data. Prior to the implementation of the Regulation, the existing rules on the protection of personal data in the European Union were not sufficiently uniform and were implemented differently in each Member State. It contributed to the development and implementation of the Regulation, in the hope that it would modernize and promote a common data protection regime, while maintaining all the basic principles of data protection that have been followed so far. Prior to the pandemic, the Regulation successfully achieved its original objectives, but hasthe pandemic necessitated a revision of the Regulation? This article will analyze the development of the legal framework for the protection of personal data and analyze the compliance of the Regulation with the requirements arising from the effects of the pandemic.

Research Biobanking, Personal Data Protection and Implementation of the GDPR in France

GDPR and Biobanking - Law, Governance and Technology Series ◽

10.1007/978-3-030-49388-2_14 ◽

2021 ◽

pp. 257-276

Author(s):

Gauthier Chassang ◽

Michael Hisbergues ◽

Emmanuelle Rial-Sebbag

Keyword(s):

Data Protection ◽

Personal Data ◽

Legal Framework ◽

The European Union ◽

French Law ◽

Research Biobanks ◽

Active Research ◽

Set Up

AbstractSince 1978 and the initial French data protection law (Loi n°78-17 du 6 Janvier 1978), consecutive modifications regarding the protection of personal health data, especially in 2004, 2016 and 2018, set up a strict legal regime for processing sensitive personal data, including for research purposes. In recent years, French law has evolved proactively and in parallel with the work of the European Union (EU) on the preparation of what became the General Data Protection Regulation (GDPR), which has been in force since May 2018. This Chapter performs a state-of-art analysis (as of 1 July 2019) of the French legal framework for research biobanks and data protection rules applying to biobanking, in particular those related to data subjects’ rights and Article 89 of the GDPR. Firstly, it provides updated information about the national landscape of active research biobanks in France (Sect. 1). Secondly, it explores how the French law embodies the developments brought by the GDPR and how it envisages individuals’ rights in the context of research biobanking (Sects. 2 and 3). Thirdly, this Chapter analyses existing and potential national exemptions to individuals’ rights, including with regard to Article 89 GDPR, and how France conceives of processing activities of ‘public interest’ (Sect. 4). Finally, the authors address ongoing debates around bioethics law in France and argue for the creation of a specific Act focused on biobanking as a means of integrating, clarifying and developing not only data protection rules but also other activities related to samples, human or not, in a unique, operational and compact act (Sect. 5).

Those Who Shall Be Identified: The Data Protection Aspects of the Legal Framework for Electronic Identification in the European Union

TalTech Journal of European Studies ◽

10.2478/bjes-2021-0012 ◽

2021 ◽

Vol 11 (2) ◽

pp. 3-24

Author(s):

Jozef Andraško ◽

Matúš Mesarčík

Keyword(s):

European Union ◽

Data Processing ◽

Data Protection ◽

Mutual Recognition ◽

Personal Data ◽

Legal Framework ◽

The European Union ◽

General Data

Abstract The article focuses on the intersections of the regulation of electronic identification as provided in the eIDAS Regulation and data protection rules in the European Union. The first part of the article is devoted to the explanation of the basic notions and framework related to the electronic identity in the European Union— the eIDAS Regulation. The second part of the article discusses specific intersections of the eIDAS Regulation with the General Data Protection Regulation (GDPR), specifically scope, the general data protection clause and mainly personal data processing in the context of mutual recognition of electronic identification means. The article aims to discuss the overlapping issues of the regulation of the GDPR and the eIDAS Regulation and provides a further guide for interpretation and implementation of the outcomes in practice.

DEVELOPMENT OF LEGAL REGULATION OF ISSUES RELATED TO INFORMATION CONFIDENTIALITY AND PERSONAL DATA PROTECTION IN THE EUROPEAN UNION

Pravovedenie IAZH ◽

10.31249/rgpravo/2021.04.07 ◽

2021 ◽

Author(s):

I.A. Aleshkova

Keyword(s):

Data Protection ◽

Personal Data ◽

Legal Regulation ◽

The European Union ◽

Scientific Publications ◽

General Data ◽

International Convergence ◽

The Relationship

The review summarizes scientific publications that reveal current problems in the field of legal regulation of confidentiality and data protection. It is noted that the General Data Protection Regulation (GDPR) is essential for the work of international organizations. At the same time, its action gives rise to questions about the relationship between EU law and public international law. Attention is focused on those legal values that are decisive in the formation of national and international approaches. The proposed in the scientific literature models of legal regulation of confidentiality and data protection, aimed at achieving international convergence.

The Personal Data Protection Bill, 2018: India’s regulatory journey towards a comprehensive data protection law

International Journal of Law and Information Technology ◽

10.1093/ijlit/eaaa003 ◽

2020 ◽

Vol 28 (1) ◽

pp. 1-19

Author(s):

Deva Prasad M ◽

Suchithra Menon C

Keyword(s):

Data Protection ◽

Personal Data ◽

Legal Framework ◽

The European Union ◽

Supreme Court Of India ◽

Indian Context ◽

General Data ◽

Data Protection Law

Abstract This article analyses the relevance of Personal Data Protection Bill, 2018 for developing a data protection legal framework in India. In this regard, the article attempts to analyse the evolution process of comprehensive personal data protection law in the Indian context. The manner in which the Personal Data Protection Bill, 2018 will revamp and strengthen the existing data protection regulatory framework forms the major edifice of this article. The article also dwells on the significant role played by the fundamental right to privacy judgment (Justice K.S. Puttaswamy v Union of India) of Supreme Court of India, thus preparing the regulatory ground for the evolution of the Personal Data Protection Bill, 2018. The influence of the European Union General Data Protection Regulation in shaping the Indian legal framework is highlighted. The article also discusses pertinent legal concerns that could question the effectiveness of the proposed data protection legal framework in the Indian context.

Problems of establishment and development of the Institution of personal data protection in the Russian Federation: historical-legal aspect

Вопросы безопасности ◽

10.25136/2409-7543.2020.4.33798 ◽

2020 ◽

pp. 28-35

Author(s):

Yanis Arturovich Sekste ◽

Anna Sergeevna Markevich

Keyword(s):

Russian Federation ◽

Data Protection ◽

Information Technologies ◽

Legal Aspect ◽

Personal Data ◽

Legal Regulation ◽

Private Life ◽

Russian Society ◽

The Russian Federation

The subject of this research is the problems emerging in the process of establishment and development of the Institution of personal data protection in the Russian Federation. Special attention is turned to the comparison of Soviet and Western models of protection of private life and personal data. The authors used interdisciplinary approach, as comprehensive and coherent understanding of socio-legal institution of personal data protection in the Russian Federation is only possible in inseparable connection with examination of peculiarities of the key historical stages in legal regulation of private life of the citizen. After dissolution of the Soviet political and legal system, the primary task of Russian law consisted in development and legal formalization of the institution of protection of human and civil rights and freedoms, first and foremost by means of restricting invasion of privacy by the state and enjoyment of personal freedom. It is concluded that the peculiarities of development of the new Russian political and legal model significantly impacted the formation of the institution of personal data protection in the Russian Federation. The authors believe that the Russian legislator and competent government branches are not always capable to manage the entire information flow of personal data; therefore, one of the priority tasks in modern Russian society is the permanent analysis and constant monitoring of the development of information technologies.

Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

Future Internet ◽

10.3390/fi13030066 ◽

2021 ◽

Vol 13 (3) ◽

pp. 66

Author(s):

Dimitra Georgiou ◽

Costas Lambrinoudakis

Keyword(s):

Impact Assessment ◽

Data Protection ◽

Gap Analysis ◽

Health Care Organization ◽

Personal Data ◽

Care Organization ◽

The European Union ◽

Compliance Level

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.