THE RISE OF A TRANSNATIONAL MOVEMENT TO PROTECT PRIVACY

2020 ◽  
Vol 25 (2) ◽  
pp. 161-184 ◽  
Author(s):  
Emilio Lehoucq ◽  
Sidney Tarrow

Scholars have long found profound normative and structural differences between the privacy movements of Europe and the United States, alongside incompatible regimes of regulation. After 9/11, both Europe and the U.S. adopted increasingly intrusive digital security measures, which impinged on the privacy of commercial and personal data. Both the overlap in privacy regimes and the securitization of the two regimes were uncovered by Edward Snowden’s revelations in 2013. The eventual result was the passage of a European privacy protection regulation, the General Data Protection Regulation, in 2016 and greater transnational diffusion and transnational cooperation among European and American privacy activists. But has this convergence produced a transnational movement for privacy? Studying three mechanisms of transnational mobilization—externalization, diffusion, and collective transnationalism—this article employs a political opportunity framework to understand how international events have increased the inclination and the capacity of nationally and regionally based privacy groups to come together in contentious collective action.

2021 ◽  
Vol 4 (2) ◽  
pp. 1-18
Author(s):  
Jeffery Atik ◽  
Xavier Groussot

The U.S.-EU conflict over the application of the General Data Protection Regulation (GDPR) to U.S.-based digital platform companies is marked by a startling legal development: the insertion of a constitutional court squarely into the heart of the dispute. The engagement of the EU’s top court - the Court of Justice (CJEU) - in the Schrems I and Schrems II cases - has significantly inflamed the dispute. The CJEU has now twice struck down GDPR accommodations reached between the United States and the European Union. In doing so, the Court has rebuked both U.S. and EU officials. By transfiguring provisions of the GDPR with constitutional (that is, treaty-based) and human rights values, the Court has placed out of reach any accommodation that does not involve significant reform of U.S. privacy and national security provisions. Heated trans-Atlantic disputes involving assertions of extraterritorial extensions of regulatory power are an inappropriate place for a constitutional court like the CJEU to throw its declarative weight around.


Information ◽  
2020 ◽  
Vol 11 (12) ◽  
pp. 586
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose; primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and secondly, to identify security measures and security policy rules, for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.


2021 ◽  
Vol 60 (1) ◽  
pp. 53-98
Author(s):  
Michael S. Aktipis ◽  
Ron B. Katwan

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its ruling in Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems, commonly known as Schrems II, invalidating the EU–U.S. Privacy Shield as a valid transfer mechanism under the EU's General Data Protection Regulation (GDPR) and creating significant legal uncertainty for the continued availability of another widely used transfer mechanism, Standard Contractual Clauses (SCCs), for transfers of EU personal data from commercial entities in the EU to the United States. The widely anticipated ruling marked the second time in five years that the CJEU had invalidated the legal foundation for such data transfers, which in both cases had been the result of a carefully negotiated compromise balancing European data privacy concerns with statutory and constitutional limitations of the U.S. system (see Schrems I).


Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

Currently, there are several challenges that Cloud-based health-care Systems, around the world, are facing. The most important issue is to ensure security and privacy or in other words to ensure the confidentiality, integrity and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the General Data Protection Regulation, and also at the same time we present how the Cloud-based Security Policy methodology proposed in [1] could be modified in order to be compliant with the GDPR and how Cloud environments can assist developers to build secure and GDPR compliant Cloud-based health Systems. The major concept of this paper is, primarily, to facilitate Cloud Providers in comprehending the framework of the new General Data Protection Regulation and secondly, to identify security measures and security policy rules for the protection of sensitive data in a Cloud-based Health System, following our risk-based Security Policy Methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.


Author(s):  
Raphaël Gellert

The main goal of this book is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”, an expression that came to the fore during the overhaul process of the EU’s General Data Protection Regulation (GDPR)—even though it can also be found in other statutes under different acceptations. At its core it consists in endowing the regulated organisations that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. It addresses this topic from various perspectives. In framing the risk-based approach as the latest model of a series of regulation models, the book provides an analysis of data protection law from the perspective of regulation theory as well as risk and risk management literatures, and their mutual interlinkages. Further, it provides an overview of the policy developments that led to the adoption of such an approach, which it discusses in the light of regulation theory. It also includes various discussions pertaining to the risk-based approach’s scope and meaning, to the way it has been taken up in statutes including key provisions such as accountability and data protection impact assessments, or to its potential and limitations. Finally, it analyses how the risk-based approach can be implemented in practice by providing technical analyses of various data protection risk management methodologies.


2021 ◽  
Vol 11 (10) ◽  
pp. 4537
Author(s):  
Christian Delgado-von-Eitzen ◽  
Luis Anido-Rifón ◽  
Manuel J. Fernández-Iglesias

In recent years, blockchain technologies have been awakening the interest of different actors in various sectors and, among them, the education field, which is studying the application of these technologies to improve information traceability, accountability, and integrity, while guaranteeing its privacy, transparency, robustness, trustworthiness, and authenticity. Different interesting proposals and projects were launched and are currently being developed. Nevertheless, there are still issues not adequately addressed, such as scalability, privacy, and compliance with international regulations such as the General Data Protection Regulation in Europe. This paper analyzes the application of blockchain technologies and related challenges to issue and verify educational data and proposes an innovative solution to tackle them. The proposed model supports the issuance, storage, and verification of different types of academic information, both formal and informal, and complies with applicable regulations, protecting the privacy of users’ personal data. This proposal also addresses the scalability challenges and paves the way for a global academic certification system.


2021 ◽  
pp. 1-21
Author(s):  
Kevin D. Benish

On May 18, 2020, the United States Supreme Court denied a request by the Bolivarian Republic of Venezuela and its state-owned oil company, Petróleos de Venezuela, S.A. (PDVSA), to review the merits of Crystallex Int'l Corp. v. Bolivarian Republic of Venezuela, a decision by the U.S. Court of Appeals for the Third Circuit. In Crystallex, the Third Circuit affirmed a trial court's determination that PDVSA is the “alter ego” of Venezuela itself, thus permitting Crystallex to enforce a $1.4 billion judgment against Venezuela by attaching property held in PDVSA's name. Given the Supreme Court's decision to leave the Third Circuit's opinion undisturbed, Crystallex is a significant decision that may affect parties involved in transnational litigation for years to come—especially those pursuing or defending against U.S. enforcement proceedings involving the property of foreign states.


2021 ◽  
Vol 1 (1) ◽  
pp. 100-115
Author(s):  
Kate Fischer ◽  
Malika Rakhmonova ◽  
Mike Tran

Since the spring of 2020 SARS-CoV-2, the novel coronavirus, has upended lives and caused a rethinking of nearly all social behaviors in the United States. This paper examines the ways in which the pandemic, shutdown, and gradual move towards “normal” have laid bare and obfuscated societal pressures regarding running out of time as it pertains to the residential university experience. Promised by movies, television, and older siblings and friends as a limited-time offer, the “typical” college experience is baked into the U.S. imaginary, reinforcing a host of notions of who “belongs” on campus along lines of race, class, and age. Fed a vision of what their whole lives “should be”, students who enter a residential four-year college are already imbued with a nostalgia for what is yet to come, hailed, in Althusser’s (2006[1977]) sense, as university subjects even before their first class. The upheaval of that subjecthood during the pandemic has raised important questions about the purpose of the college experience as well as how to belong to a place that is no longer there.


Author(s):  
Michael Veale ◽  
Reuben Binns ◽  
Lilian Edwards

Many individuals are concerned about the governance of machine learning systems and the prevention of algorithmic harms. The EU's recent General Data Protection Regulation (GDPR) has been seen as a core tool for achieving better governance of this area. While the GDPR does apply to the use of models in some limited situations, most of its provisions relate to the governance of personal data, while models have traditionally been seen as intellectual property. We present recent work from the information security literature around ‘model inversion’ and ‘membership inference’ attacks, which indicates that the process of turning training data into machine-learned systems is not one way, and demonstrate how this could lead some models to be legally classified as personal data. Taking this as a probing experiment, we explore the different rights and obligations this would trigger and their utility, and posit future directions for algorithmic governance and regulation. This article is part of the theme issue ‘Governing artificial intelligence: ethical, legal, and technical opportunities and challenges’.


2018 ◽  
Vol 25 (3) ◽  
pp. 284-307
Author(s):  
Giovanni Comandè ◽  
Giulia Schneider

Health data are the most special of the ‘special categories’ of data under Art. 9 of the General Data Protection Regulation (GDPR). The same Art. 9 GDPR prohibits, with broad exceptions, the processing of ‘data concerning health’. Our thesis is that, through data mining technologies, health data have progressively undergone a process of distancing from the healthcare sphere as far as the generation, the processing and the uses are concerned. The case study aims thus to test the endurance of the ‘special category’ of health data in the face of data mining technologies and the never-ending lifecycles of health data they feed. At a more general level of analysis, the case of health data shows that data mining techniques challenge core data protection notions, such as the distinction between sensitive and non-sensitive personal data, requiring a shift in terms of systemic perspectives that the GDPR only partly addresses.

