Specifics of nature of the biometric data definition in law of the European Union

Legal Definition ◽

Data Definition ◽

General Data ◽

Definition Of

The article offers analysis of the approaches in Russian and European legal doctrine to the definition of “biometric data”, as well as the evolution of the legal definition formation of biometric data in the legislative acts of the EU. The article analyzes the role of biometric data in the personal data system, their characteristics, and the determination of a list of key features that allow an individual's data to be classified as biometric data. Special attention is paid to the list of characteristics that fall under the category of biometric data in accordance with existing scientific approaches on personal data, as well as the provisions of the General Data Protection Regulation. The article highlights the main problems of interpretation of the category of biometric data in legal sources, and also suggests the author's legal definition of biometric data that meets, in the author's opinion, the main criteria that characterize specific data of an individual as biometric.

FORENSIC DATABASES IN POLAND. LEGAL ISSUES RELATED TO RIGHT TO THE PROTECTION OF PERSONAL DATA AND RIGHT TO PRIVACY

Criminalistics and Forensics ◽

10.33994/kndise.2021.66.23 ◽

2021 ◽

pp. 285-305

Author(s):

Dariusz Wilk

Keyword(s):

Personal Data ◽

The European Union ◽

Right To Privacy ◽

Biometric Data ◽

Law And Policy ◽

Detection And Identification ◽

Criminal Justice Systems ◽

General Data ◽

Data Subject

Forensic databases are crucial resources in criminal justice systems, which allow for detection and identification of offenders. General Data Protection Regulation and Police Directive about processing of personal data were enacted in the European Union in 2016, which implied changes in national law and policy in processing genetic and biometric data by law enforcements. Therefore, current development of DNA and fingerprint databases in Poland were revealed and compared to other European countries. Changes in the law related to processing of genetic and biometric data were analysed. Issues related to the distinction between different categories of data subject and retention time of personal data were especially commented in the view of right to the protection of personal data and right to privacy.

Data Sharing Under the General Data Protection Regulation

Hypertension ◽

10.1161/hypertensionaha.120.16340 ◽

2021 ◽

Vol 77 (4) ◽

pp. 1029-1035

Author(s):

Antonia Vlahou ◽

Dara Hallinan ◽

Rolf Apweiler ◽

Angel Argiles ◽

Joachim Beige ◽

...

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Research Approach ◽

The European Union ◽

Protection Legislation ◽

General Data ◽

Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

Methods of big data definition: Russian and foreign experience

Юридические исследования ◽

10.25136/2409-7136.2021.9.36591 ◽

2021 ◽

pp. 143-157

Author(s):

Kseniia Antipova

Keyword(s):

Big Data ◽

Russian Federation ◽

Personal Data ◽

Legal Regulation ◽

The European Union ◽

Legal Doctrine ◽

Original Definition ◽

Data Definition ◽

The Russian Federation

This article explores the main approaches of Russian and foreign authors towards big data definition; reflects the classification of data, components of big data; and provides comparative characteristics to legal regulation of big data. The subject of this research is the legislation of the Russian Federation and legislation of the European Union that regulate the activity on collection, processing and use of big data, personal data and information; judicial and arbitration practice of the Russian Federation in the sphere of personal data; normative legal acts of the Russian Federation; governmental regulation of the Russian Federation and foreign countries in the area of processing, use and transmission of data; as well as legal doctrine in the field of research dedicated to the nature of big data. The relevance of this research is substantiated by the fact that there is yet no conceptual uniformity with regards to big data in the world; the essence and methods of regulating big data are not fully explored. The goal of this research is determine the legal qualification of the data that comprise big data. The task lies in giving definition to the term “big data”; demonstrate the approaches towards determination of legal nature of big data; conduct  classification of big data; outline the criteria for distinguishing data that comprise the concept of big data; formulate the model for optimal regulation of relations in the process of activity on collection, processing, and use of the data. The original definition of big data in the narrow and broad sense is provided. As a result, the author distinguishes the types of data, reflects the legal qualification of data depending on the category of data contained therein: industrial data, user data, and personal data. Attention is also turned to the contractual form of big data circulation.

Location Privacy in the Wake of the GDPR

10.20944/preprints201902.0227.v1 ◽

2019 ◽

Author(s):

Yola Georgiadou ◽

Rolf de By ◽

Ourania Kounadi

Keyword(s):

Data Protection ◽

Location Privacy ◽

Cultural Theory ◽

Personal Data ◽

The European Union ◽

Digital Ecosystem ◽

Protection Legislation ◽

General Data ◽

Conducting Research

The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is ‘how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered/observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.

Human rights and biometric data. Social credit system

10.31338/1641-2478pe.4.20.3 ◽

2020 ◽

pp. 36-50

Author(s):

Olga O. Bazina

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Pilot Project ◽

The European Union ◽

Credit System ◽

Biometric Data ◽

Social Credit ◽

The Social

Biometrics, as a field of science, analyzes the physical and behavioral characteristics of people in order to identify their personality. A huge amount of technology in the field of biometric data collection is developed by IT giants like Google, Facebook, or Alibaba. The European Union (EU) took an important step towards biometric data confidentiality by developing a unified law on the protection of personal data (General Data Protection Regulation, GDPR). The main goal of this action is to return control over personal data to European citizens and at the same time simplify the regulatory legal basis for companies. While European countries and organisations are introducing the GDPR into force, China since 2016 has launched a social credit system as a pilot project. The Social Credit Score (SCS) is based on collecting the maximum amount of data about citizens and assessing the reliability of residents based on their financial, social and online behavior. Only critical opinions can be read about the social credit system in European literature, although the opinions of persons being under this system – Chinese citizens – are quite positive. In this context, we should not forget about the big difference in the mentality of Asians and Europeans. The aim of this article is to compare EU law and the legislation of the People's Republic of China regarding the use and storage of biometric data. On the basis of statistical data and materials analysed, key conclusions will be formulated, that will allow to indicate differences in the positions of state institutions and the attitude of citizens to the issue of personal data protection in China and the European Union.

GDPR implementation as the main reason for the regional fragmentation in the online mediasphere

E3S Web of Conferences ◽

10.1051/e3sconf/202127308099 ◽

2021 ◽

Vol 273 ◽

pp. 08099

Author(s):

Mikhail Smolenskiy ◽

Nikolay Levshin

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

Main Role ◽

The European Union ◽

Protection Measures ◽

The Usa ◽

General Data

The EU’s General Data Protection Regulation (GDPR) applies not only to the territory of the European Union, but also to all information systems containing data of EU’s citizens around the world. Misusing or carelessly handling personal data bring fines of up to 20 million euros or 4% of the annual turnover of the offending company. This article analyzes the main trends in the global implementation of the GDPR. Authors considered and analyzed results of personal data protection measures in nineteen regions: The USA, Canada, China, France, Germany, India, Kazakhstan, Nigeria, Russia, South Korea and Thailand, as well as the European Union and a handful of other. This allowed identifying a direct pattern between the global tightening of EU’s citizens personal data protection and the fragmentation of the global mediasphere into separate national segments. As a result of the study, the authors conclude that GDPR has finally slowed down the globalization of the online mediasphere, playing a main role in its regional fragmentation.

Credit-Based Insurance Scores: some Observations in the Light of the European General Data Protection Regulation

Cuadernos Europeos de Deusto ◽

10.18543/ced-62-2020pp155-186 ◽

2020 ◽

pp. 155-186

Author(s):

María Dolores Mas Badia

Keyword(s):

Data Protection ◽

Personal Data ◽

Insurance Companies ◽

The European Union ◽

History Data ◽

Credit History ◽

Automated Processing ◽

General Data

Despite the differences between credit risk and insurance risk, in many countries large insurance companies include credit history amongst the information to be taken into account when assigning consumers to risk pools and deciding whether or not to offer them an auto or homeowner insurance policy, or to determine the premium that they should pay. In this study, I will try to establish some conclusions concerning the requirements and limits that the use of credit history data by insurers in the European Union should be subject to. In order to do this, I shall focus my attention primarily on Regulation (EU) 2016/679. This regulation, that came into force on 24 May 2018, not only forms the backbone of personal data protection in the EU, but is also set to become a model for regulation beyond the borders of the Union. This article will concentrate on two main aspects: the lawful basis for the processing of credit history data by insurers, and the rules that should apply to decisions based solely on automated processing, including profiling.Received: 30 December 2019Accepted: 07 February 2020Published online: 02 April 2020

OpenEHR and General Data Protection Regulation: Evaluation of Principles and Requirements (Preprint)

10.2196/preprints.9845 ◽

2018 ◽

Author(s):

Duarte Gonçalves-Ferreira ◽

Mariana Sousa ◽

Gustavo M Bacelar-Silva ◽

Samuel Frade ◽

Luís Filipe Antunes ◽

...

Keyword(s):

Data Protection ◽

Personal Data ◽

Design Principles ◽

Security And Privacy ◽

The European Union ◽

Health Records ◽

General Data ◽

The Common

BACKGROUND Concerns about privacy and personal data protection resulted in reforms of the existing legislation in the European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing directive on the topic of personal data protection of EU citizens with a strong emphasis on more control of the citizens over their data and in the establishment of rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records (EHRs) and has been advocated as the best approach for the development of hospital information systems. OBJECTIVE This study aimed to understand to what extent the openEHR standard can help in the compliance of EHR systems to the GDPR requirements. METHODS A list of requirements for an EHR to support GDPR compliance and also a list of the openEHR design principles were made. The requirements were categorized and compared with the principles by experts on openEHR and GDPR. RESULTS A total of 50 GDPR requirements and 8 openEHR design principles were identified. The openEHR principles conformed to 30% (15/50) of GDPR requirements. All the openEHR principles were aligned with GDPR requirements. CONCLUSIONS This study showed that the openEHR principles conform well to GDPR, underlining the common wisdom that truly realizing security and privacy requires it to be built in from the start. By using an openEHR-based EHR, the institutions are closer to becoming compliant with GDPR while safeguarding the medical data.

Apply or not to apply?

Bratislava Law Review ◽

10.46282/blr.2020.4.2.171 ◽

2020 ◽

Vol 4 (2) ◽

pp. 81-94

Author(s):

Matúš Mesarčík

Keyword(s):

Data Protection ◽

Personal Data ◽

The European Union ◽

Privacy Regulation ◽

New Era ◽

Consumer Privacy ◽

Privacy Act ◽

General Data ◽

The Eu

A new era of data protection laws arises after the adoption of the General Data Protection Regulation (GDPR) in the European Union. One of the newly adopted regulations of processing of personal data is Californian Consumer Privacy Act commonly referred to as CCPA. The article aims to fill the gap considering a deep analysis of the territorial scope of both acts and practical consequences of the application. The article starts with a brief overview of privacy regulation in the EU and USA. Introduction to GDPR and CCPA follows focusing on the territorial scope of respective legislation. Three scenarios of applicability are derived in the following part including practical examples.

Location Privacy in the Wake of the GDPR

ISPRS International Journal of Geo-Information ◽

10.3390/ijgi8030157 ◽

2019 ◽

Vol 8 (3) ◽

pp. 157 ◽

Cited By ~ 3

Author(s):

Yola Georgiadou ◽

Rolf de By ◽

Ourania Kounadi

Keyword(s):

Data Protection ◽

Location Privacy ◽

Cultural Theory ◽

Personal Data ◽

The European Union ◽

Digital Ecosystem ◽

Protection Legislation ◽

General Data ◽

Conducting Research

The General Data Protection Regulation (GDPR) protects the personal data of natural persons and at the same time allows the free movement of such data within the European Union (EU). Hailed as majestic by admirers and dismissed as protectionist by critics, the Regulation is expected to have a profound impact around the world, including in the African Union (AU). For European–African consortia conducting research that may affect the privacy of African citizens, the question is `how to protect personal data of data subjects while at the same time ensuring a just distribution of the benefits of a global digital ecosystem?’ We use location privacy as a point of departure, because information about an individual’s location is different from other kinds of personally identifiable information. We analyse privacy at two levels, individual and cultural. Our perspective is interdisciplinary: we draw from computer science to describe three scenarios of transformation of volunteered or observed information to inferred information about a natural person and from cultural theory to distinguish four privacy cultures emerging within the EU in the wake of GDPR. We highlight recent data protection legislation in the AU and discuss factors that may accelerate or inhibit the alignment of data protection legislation in the AU with the GDPR.