International experience in personal data protection

The article is devoted to the analysis of various approaches to the protection of personal data in Russia and the European Union. In order to determine the importance of observing the right to protection of personal data, a number of documents of the European Commission adopted over the past few years have been analyzed. General scientific and special legal methods of cognition allowed for a comparative analysis of Regulation 2016/679 on the Protection of Individuals in the Processing of Personal Data and Their Free Movement (2018) and EU Directive 2016/680. Although Russia has ratified the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (1981), it has not been able to solve a number of problems related to the mandatory notification about personal data leaks, protection of personal data during their processing and against unauthorized access, etc. As a result, conclusions are drawn regarding the prevailing approaches to the definition of personal data and a unified conceptual and categorical apparatus in the field of personal data. Proposals for the modernization of Russian legislation based on international experience are made as well.

Download Full-text

Georgian Administrative Law

Good Administration and the Council of Europe ◽

10.1093/oso/9780198861539.003.0029 ◽

2020 ◽

pp. 707-722

Author(s):

Tamar Gvaramadze

Keyword(s):

Personal Data ◽

Administrative Law ◽

Council Of Europe ◽

Legal Reforms ◽

Personal Data Protection ◽

Western Values ◽

Fair Hearing ◽

Administrative Proceedings ◽

The Right ◽

The Impact

This chapter discusses the impact of the pan-European principles of good administration on Georgian administrative law. It shows that the legal reforms and modern administrative legislation that started in Georgia in the 1990s were mostly influenced, and directed by, Western values and European principles, including core provisions of the Council of Europe. This influence has manifested itself, among other things, in the Georgian legislator giving constitutional importance to the right to a fair hearing in administrative proceedings and underlining the importance of good administration. Moreover, special parts of administrative law, such as regulation of local self-governance and personal data protection, have also not been immune to this influence, which has been strengthened by the progressive approach undertaken by Georgian courts.

Download Full-text

Personal Data Protection in New Zealand: Lessons for South Africa?

Potchefstroom Electronic Law Journal/Potchefstroomse Elektroniese Regsblad ◽

10.17159/1727-3781/2008/v11i4a2786 ◽

2017 ◽

Vol 11 (4) ◽

pp. 61

Author(s):

A Roos

Keyword(s):

South Africa ◽

New Zealand ◽

South African ◽

Data Protection ◽

Personal Data ◽

The European Union ◽

Right To Privacy ◽

Personal Data Protection ◽

Eu Directive ◽

The Eu

In 1995 the European Union adopted a Directive on data protection. Article 25 of this Directive compels all EU member countries to adopt data protection legislation and to prevent the transfer of personal data to non-EU member countries (“third countries”) that do not provide an adequate level of data protection. Article 25 results in the Directive having extra-territorial effect and exerting an influence in countries outside the EU. Like South Africa, New Zealand is a “third” country in terms of the EU Directive on data protection. New Zealand recognised the need for data protection and adopted a data protection Act over 15 years ago. The focus of this article is on the data protection provisions in New Zealand law with a view to establishing whether South Africa can learn any lessons from them. In general, it can be said that although New Zealand law does not expressly recognise a right to privacy, it has a data protection regime that functions well and that goes a long way to providing adequate data protection as required by the EU Directive on data protection. Nevertheless, the EU has not made a finding to that effect as yet. The New Zealand data protection act requires a couple of amendments before New Zealand might be adjudged ‘adequate’. South Africa’s protection of the right to privacy and identity is better developed and more extensive than that of New Zealand. Privacy is recognised and protected in the law of delict and by the South African Constitution. Despite South Africa’s apparently high regard for the individual’s right to privacy and identity and our well-developed common and constitutional law of privacy, South Africa does not meet the adequacy requirement of the EU Directive, because we do not have a data protection Act. This means that South African participants in the information technology arena are at a constant disadvantage. It is argued that South Africa should follow New Zealand’s example and adopt a data protection law as soon as possible.

Download Full-text

Law and Technology

Movement-Aware Applications for Sustainable Mobility ◽

10.4018/978-1-61520-769-5.ch009 ◽

2010 ◽

pp. 140-156 ◽

Cited By ~ 1

Author(s):

Giusella Finocchiaro ◽

Claire Vishik

Keyword(s):

Complex Systems ◽

Personal Data ◽

Modern Technology ◽

Technological Environment ◽

Personal Data Protection ◽

Use Of Technology ◽

Multiple Data ◽

Law And Technology ◽

Definition Of ◽

The Right

In this chapter the authors analyze the concept and definitions of anonymity in the modern connected world. In particular, they explore if modern technology renders complete anonymity impossible and if a new definition of anonymity needs to be adopted. They examine examples of anonymous use of technology that illustrate the complexity of the concept of anonymity and demonstrate that access to anonymity is not uniform for data owners with regard to multiple data controllers and audiences in complex systems and processes. They evaluate legal definitions of “anonymity” and “anonymous data” as well as the right to anonymity provided in the European directives and by some European statutes, observing that anonymity cannot be absolute, that only “relative” anonymity is realistic in the present technological environment, and that different degrees of anonymity exist. They address the issue of measuring these degrees or levels of anonymity in complex systems, in order to provide a new foundation for a nuanced and comprehensive understanding of anonymity. The authors conclude that the concept of relative anonymity can become the basis for a new and more effective approach to personal data protection.

Download Full-text

From Privacy to Data Protection in the eu: Implications for Big Data Health Research

European Journal of Health Law ◽

10.1163/15718093-12460346 ◽

2018 ◽

Vol 25 (1) ◽

pp. 43-55 ◽

Cited By ~ 5

Author(s):

Menno Mostert ◽

Annelien L. Bredenoord ◽

Bart van der Slootb ◽

Johannes J.M. van Delden

Keyword(s):

Big Data ◽

Data Protection ◽

Health Research ◽

Personal Data ◽

Fundamental Rights ◽

Comprehensive System ◽

The European Union ◽

Data Intensive ◽

Personal Data Protection ◽

The Right

Abstract The right to privacy has usually been considered as the most prominent fundamental right to protect in data-intensive (Big Data) health research. Within the European Union (eu), however, the right to data protection is gaining relevance as a separate fundamental right that should in particular be protected by data protection law. This paper discusses three differences between these two fundamental rights, which are relevant to data-intensive health research. Firstly, the rights based on the right to data protection are of a less context-sensitive nature and easier to enforce. Secondly, the positive obligation to protect personal data requires a more proactive approach by the eu and its Member States. Finally, it guarantees a more comprehensive system of personal data protection. In conclusion, we argue that a comprehensive system of data protection, including research-specific safeguards, is essential to compensate for the loss of individual control in data-intensive health research.

Download Full-text

AN UPDATE ON THE RIGHT TO BE FORGOTTEN AS A PRINCIPLE OF PERSONAL DATA PROTECTION IN EUROPEAN UNION

10.51738/kpolisa2021.18.1r.2.04 ◽

2021 ◽

pp. 99-109

Author(s):

MARIJANA MLADENOV ◽

JELENA STOJŠIĆ DABETIĆ

Keyword(s):

European Union ◽

Data Protection ◽

Personal Data ◽

The European Union ◽

Right To Privacy ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

The Right To Privacy ◽

Right To Be Forgotten ◽

The Right

Should we consider the right to be forgotten as a threat to free speech or the mechanism of the right to privacy? This most controversial element of the right to privacy and personal data protection caused the global debate on privacy and freedom of speech. Despite the fact that the right to be forgotten is codified in Article 17 of the General Data Protection Regulation and that fundamental postulates of this right were defined in Google v. Spain, there still remain unresolved issues. In order to gain a clear idea of the content of the right to be forgotten, as the principle of data protection in accordance with the latest European perspective, the subject matter of the paper refers to analyses of the developments of this right in the light of relevant regulations, as well as of the jurisprudence of the Court of Justice of the European Union (CJEU). The article firstly provides an overview of the concept of the right to be forgotten, from the very early proposals that gave rise to it, to the latest ones contained in recent regulations. Furthermore, the special attention is devoted to the new standards of the concept of the right to be forgotten from the aspect of recent rulings of the CJEU, GC et al v. CNIL and CNIL v. Google. Within the concluding remarks, the authors highlight the need for theoretical innovation and an adequate legal framework of the right to be forgotten in order to fit this right within the sociotechnical legal culture. The goal of the article is to provide insight regarding the implementation of the right to be forgotten in the European Union and to identify the main challenges with respect to the issue.

Download Full-text

EU Laws on Privacy in Genomic Databases and Biobanking

The Journal of Law Medicine & Ethics ◽

10.1177/1073110516644204 ◽

2016 ◽

Vol 44 (1) ◽

pp. 128-142 ◽

Cited By ~ 6

Author(s):

David Townend

Keyword(s):

European Union ◽

Informed Consent ◽

Personal Data ◽

Genomic Data ◽

The European Union ◽

Right To Privacy ◽

Council Of Europe ◽

Genomic Databases ◽

The Right To Privacy ◽

The Right

Both the European Union and the Council of Europe have a bearing on privacy in genomic databases and biobanking. In terms of legislation, the processing of personal data as it relates to the right to privacy is currently largely regulated in Europe by Directive 95/46/EC, which requires that processing be “fair and lawful” and follow a set of principles, meaning that the data be processed only for stated purposes, be sufficient for the purposes of the processing, be kept only for so long as is necessary to achieve those purposes, and be kept securely and only in an identifiable state for such time as is necessary for the processing. The European privacy regime does not require the de-identification (anonymization) of personal data used in genomic databases or biobanks, and alongside this practice informed consent as well as governance and oversight mechanisms provide for the protection of genomic data.

Download Full-text

Personal Data Protection and Access to Archives in Ukraine: From the National and International Perspective

Atlanti ◽

10.33700/2670-451x.28.2.61-70(2018) ◽

2018 ◽

Vol 28 (2) ◽

pp. 61-70

Author(s):

Maryna Paliienko

Keyword(s):

Data Protection ◽

Personal Information ◽

Public Information ◽

Personal Data ◽

International Perspective ◽

Economic Life ◽

The European Union ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

The Right

The article is devoted to the analysis of the General Data Protection Regulation, which came into force on May 25, 2018, on the territory of the member states of the European Union, in comparison with the legislation on personal data that operates in Ukraine. The following basic concepts such as “personal data”, “personal data bases”, “information protection”, “the right to access to information”, “the right to erasure” are considered. Special attention is paid to the activities of archives in collecting, processing, storing and providing access to documents that contain personal information. It is analyzed the Laws of Ukraine “On Information”, “On Protection of Personal Data”, “On Access to Public Information”, “On the National Archival Fond and Archival Institutions”. It has been pointed out that the GDPR has very important value for European socio-political and economic life, for working out data protection standards and a new international privacy protection framework.

Download Full-text

LEGAL ENVIRONMENT OF HUMAN RIGHTS IN THE CONDITIONS OF DEVELOPMENT OF SOCIAL NETWORKS

Constitutional State ◽

10.18524/2411-2054.2021.43.240942 ◽

2021 ◽

pp. 9-15

Author(s):

H. P. Orel

Keyword(s):

Social Networks ◽

Human Rights ◽

Legal Status ◽

Personal Data ◽

Legal Rights ◽

Internet Communication ◽

Council Of Europe ◽

Personal Data Protection ◽

The Right ◽

Speech Information

This article is devoted to the consideration of the components of the legal provision ofhuman rights in the development of social networks. The issue of the legal status of persons –participants of Internet communication is considered. Such rights include: the right to association;the right to freedom of thought and speech; information rights related to the dissemination,transmission, receipt and use of information. Also, this article covers the issue of illegalmanifestations that entail violations of legal rights and interests. For an individual user, this isillegal access to personal data, disclosure of confidential information; defamation; copyrightinfringement; fraud, misuse of bank data, etc. Covers the security of personal data of users ofsocial networks. The main legal act in force today in the field of personal data protection onthe Internet is the Council of Europe Convention for the Protection of Individuals with regardto Automatic Processing of Personal Data. It is determined that social networks strengthen theright to participate in the management of state affairs, including through free elections, providingadditional opportunities for public debate, improving their quality, stimulating democraticprocesses, activity, initiative, awareness and involvement of citizens in issues related to relatedto public administration. It is stated that due to the potential threats arising in connectionwith the functioning of social networks and other institutions of Internet communication, apromising direction is the creation of legal regimes of human rights in terms of regulatingInternet relations to disseminate information while ensuring the balance of interests of allparticipants. and their harmonization with the basics of public order. At the same time, certainproblems, such as reputation protection, protection of intellectual property, should be solvedin line with the already established sectoral regulation, developing it taking into account thespecifics of Internet communication.

Download Full-text

Data Profiling and Elections: Has Data-Driven Political Campaign Gone Too Far?

Udayana Journal of Law and Culture ◽

10.24843/ujlc.2019.v03.i01.p05 ◽

2019 ◽

Vol 3 (1) ◽

pp. 95

Author(s):

Alia Yofira Karunian ◽

Helka Halme ◽

Ann-Marie Söderholm

Keyword(s):

Data Protection ◽

Personal Data ◽

Data Driven ◽

The European Union ◽

Political Campaign ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

Data Profiling ◽

Right To Information ◽

The Right

In the age of digitalization, data-driven political campaign has rapidly shifted into sophisticated data profiling and big data analysis. In Indonesia, the privacy implications of data profiling for political purposes have not been thoroughly studied, much less regulated. This paper aims to conduct a comparative regulatory study between the European Union General Data Protection Regulation (EU GDPR) and Indonesian laws concerning personal data protection in facing the growing practice of data profiling for political purposes. In conclusion, in order to prevent unfair and non-transparent data profiling for political purposes in the upcoming 2019 general election, Indonesia should enact a comprehensive data protection law which provides data subjects with the right to information related to profiling and establishing independent supervisory authority.

Download Full-text

Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

Future Internet ◽

10.3390/fi13030066 ◽

2021 ◽

Vol 13 (3) ◽

pp. 66

Author(s):

Dimitra Georgiou ◽

Costas Lambrinoudakis

Keyword(s):

Impact Assessment ◽

Data Protection ◽

Gap Analysis ◽

Health Care Organization ◽

Personal Data ◽

Care Organization ◽

The European Union ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

Compliance Level

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.

Download Full-text