The protection of customer personal data as an element of entrepreneurs’ ethical conduct

2018 ◽  
Vol 21 (7) ◽  
pp. 27-44
Author(s):  
Ewa Kulesza

The right to the protection of personal data, which is part of the right to privacy, is a fundamental human right. Thus, its guarantees were included in the high-level regulations of the European Union as well as the legal norms of the EU Member States. The first Polish law regulating the protection of personal data was adopted in 1997 as the implementation of EU Directive 95/46. The law imposed a number of obligations on public and private entities which process personal data in order to protect the rights of data subjects and, in particular, to guarantee them the ability to control the correctness of processing of their personal data. Therefore, the law obliged data controllers to process data only on the basis of the premises indicated in the legislation, to adequately secure data, and to comply with the disclosure obligation concerning data subjects, including their right to correct false or outdated data or to request removal of data processed in violation of the law. However, as complaints directed by citizens to the supervisory body—the Inspector General for Personal Data Protection—showed, personal data controllers, especially those operating in the private sector, did not comply with the law, acting in a manner that violated their customers’ rights. 
In the hitherto existing unfair business practices of entrepreneurs, the violations of the data protection provisions that were the most burdensome for customers were related to preventing them from exercising their rights, including the right to control the processing of data, as well as the failure to provide the controller’s business address, which made it impossible for subjects whose data were used in violation of the law or for the inspecting authorities to contact the company, a lack of data security and a failure to follow the procedures required by law, the failure to secure documents containing personal data or their abandonment, a lack of updating customer data, the use of unverified data sets and sending marketing offers to deceased people or incorrect target recipients, and excessive amounts of data requested by controllers. The violations of the rights of data subjects recorded in Poland and other EU Member States—among other arguments—provided inspiration for the preparation of a new legal act in the form of the EU General Data Protection Regulation (GDPR) (which entered into force on 25 May 2018). The extension of the rights of people whose data are processed was combined in the GDPR with the introduction of new legal instruments disciplining data controllers. Instruments in the form of administrative fines and the strongly emphasised possibility to demand compensation for a violation of the right to data protection were directed in particular against economic entities violating the law.

Author(s):  
A. J. de Jong ◽  
B. van Loenen ◽  
J. A. Zevenbergen

The EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data aims at harmonising data protection legislation in the European Union. This should promote the free flow of products and services within the EU. This research found a wide variety of interpretations of the application of data protection legislation to geographic data. The variety was found among the different EU Member States, the different stakeholders and the different types of geographic data. In the Netherlands, the Data Protection Authority (DPA) states that panoramic images of streets are considered personal data, while Dutch case law judges that the data protection legislation does not apply if certain features are blurred and no link to an address is provided. The topographic datasets studied in the case studies do not contain personal data, according to the Dutch DPA, while the German DPA and the Belgian DPA judge that topographic maps of a large scale can contain personal data, and impose conditions on the processing of topographic maps. The UK DPA does consider this data outside the scope of the legal definition of personal data. The patchwork of differences in data protection legislation can be harmonised by using a traffic light model. This model focuses on the context in which the processing of the data takes place and has four categories of data: (1) sensitive personal data, (2) personal data, (3) data that can possibly lead to identification, and (4) non-personal data. Some geographic data, for example factual data that does not reveal sensitive information about a person, can be categorised in the third category, giving room to opening up data under the INSPIRE Directive.


2020 ◽  
Vol 21 (6) ◽  
pp. 1283-1308
Author(s):  
Jie (Jeanne) Huang

Abstract: The recent COVID-19 outbreak has pushed the tension of protecting personal data in a transnational context to an apex. Using a real case where the personal data of an international traveler was illegally released by Chinese media, this Article identifies three trends that have emerged at each stage of conflict-of-laws analysis for lex causae: (1) The EU, the US, and China characterize the right to personal data differently; (2) the spread-out unilateral applicable law approach comes from the fact that all three jurisdictions either consider the law for personal data protection as a mandatory law or adopt connecting factors leading to the law of the forum; and (3) the EU and China strongly advocate de-Americanization of substantive data protection laws. The trends and their dynamics provide valuable implications for developing the choice of laws for transnational personal data. First, this finding informs parties that jurisdiction is a predominant issue in data breach cases because courts and regulators would apply the law of the forum. Second, currently, there is no international treaty or model law on choice-of-law issues for transnational personal data. International harmonization efforts will be a long and difficult journey considering how the trends demonstrate not only the states’ irreconcilable interests but also how states may consider these interests as their fundamental values that they do not want to trade off. Therefore, for states and international organizations, a feasible priority is to achieve regional coordination or interoperation among states with similar values on personal data protection.


2019 ◽  
Vol 20 (05) ◽  
pp. 722-733 ◽  
Author(s):  
Valentin M. Pfisterer

Abstract: In recent years, the CJEU has impressively brought to bear the protection of the fundamental rights to privacy and protection of personal data as contained in the CFREU. The Court’s decisions in the Digital Rights, Schrems, Tele2, and PNR cases have reshaped the political and legal landscape in Europe and beyond. By restricting the powers of the governments of EU Member States and annulling legislative acts enacted by the EU legislator, the decisions had, and continue to have, effects well beyond the respective individual cases. Despite their strong impact on privacy and data protection across Europe, however, these landmark decisions reveal a number of flaws and inconsistencies in the conceptualization of the rights to privacy and protection of personal data as endorsed and interpreted by the CJEU. This Article identifies and discusses some of the shortcomings revealed in the recent CJEU privacy and data protection landmark decisions and proposes to the CJEU a strategy aimed at resolving these shortcomings going forward.


2008 ◽  
Vol 3 ◽  
pp. 1-44
Author(s):  
Johanna G. Tan

Abstract: The dialogue on data protection has so far been dominated by European and American voices. There are currently a few international conventions in place such as the Council of Europe's 1981 Convention for the Protection of Individuals with regard to the Automatic processing of personal data, the 1980 OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, which apply to 30 OECD countries, and the EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data, which binds EU member states but has had some impact on non-European countries due to the restriction on cross border flow of information. This has changed with the emergence of the APEC Privacy Framework in 2004 which focuses on the importance of the free flow of information in the digital age. Does the APEC Privacy Framework have anything of value to add or does it dilute the standards already in place? This article will examine these questions and argue that perhaps the APEC Privacy Framework is the first step towards a truly global standard for data protection.


2021 ◽  
Author(s):  
Jie Huang

The recent COVID-19 outbreak has pushed the tension of protecting personal data in a transnational context to an apex. Using a real case where the personal data of an international traveller was illegally released by Chinese media, the paper identifies that three trends have emerged at each stage of conflict-of-laws analysis for lex causae: (1) the EU, the US, and China characterize the right to personal data differently, (2) the spread-out unilateral applicable law approach comes from the fact that all three jurisdictions either consider the law for personal data protection as a mandatory law or adopt connecting factors leading to the law of the forum, and (3) the EU and China strongly advocate de-Americanisation of substantive data protection laws. The trends and their dynamics provide valuable implications for developing the choice of laws for transnational personal data. First, this finding informs parties that jurisdiction is a predominant issue in data breach cases because courts and regulators would apply the forum law. Second, currently there is no international treaty or model law on choice-of-law issues for transnational personal data. International harmonization efforts will be a long and difficult journey considering how the trends demonstrate not only the states’ irreconcilable interests, but also how states may consider these interests as their fundamental values that they do not want to trade off. Therefore, for states and international organisations, a feasible priority is to achieve regional coordination or interoperation among states with similar values on personal data protection.


2021 ◽  
Vol 44 (2) ◽  
pp. 153-169
Author(s):  
Aurimas Šidlauskas

The implementation of the EU General Data Protection Regulation (hereinafter referred to as the Regulation), which, among other things, aims to eliminate disparities between national systems and to alleviate unnecessary administrative burdens, began on 25 May 2018. Each Member State is to ensure that there is one or more independent public authorities (hereinafter referred to as the supervisory authority) responsible for monitoring the implementation of the Regulation. In Lithuania, personal data protection is supervised by two authorities, namely by the State Data Protection Inspectorate (hereinafter referred to as the SDPI) and by the Office of the Inspector of Journalist Ethics. The powers conferred on the supervisory authorities by the Regulation are greater and broader in scope than those granted under previous data protection legislation. Organizations which process personal data must ensure compliance with the requirements laid down in the Regulation. A supervisory authority that violates the provisions of the Regulation may be faced with heavy administrative fines and other sanctions. This article analyzes the practice of imposing administrative fines in the EU and in Lithuania as compared to other EU Member States. The author of the article believes that evaluating the practice of imposing administrative fines by the SDPI within the general context of the EU shall enable one to search for the reasons behind the current situation, as well as to improve the processes the SDPI employs to perform functions associated with data protection supervision. The article uses generalization and comparative analysis of scientific literature, legal documents and statistical data.


2021 ◽  
Vol 28 ◽  
pp. 51-73
Author(s):  
Monika Jagielska ◽  
Mariusz Jagielski

The main purpose of this study is to determine which conflict of law rules constitute the basis for the search for the law applicable to private-law compensation claims provided for in Article 82 of the GDPR, and whether it is possible to apply the Rome II Regulation on the law applicable to non-contractual obligations in this regard. The authors first set out the main features of the claim, with particular emphasis on those areas where discrepancies may arise at the level of national law. They then qualify the claim as a tortious one, which leads them to pose a question about the applicability of the Rome II Regulation in this case. Special attention is given to the relationship between privacy and personal data protection. The authors argue that these two spheres have become gradually separated from each other and finally, under GDPR, claims for damages for a breach of personal data protection are independent of claims for an infringement of personal rights. Consequently, they assume that the law applicable to a claim under Article 82 of the GDPR should be indicated on the basis of the Rome II Regulation, despite the doubts arising from the exclusion provided for in Article 1.2.g Rome II. If this approach is accepted, it will have significant consequences for the harmonisation of the application of the GDPR in the EU Member States, and for achieving the harmonisation of decisions at the level of national law.


Author(s):  
Christopher Kuner

Recital 6; Article 15(1)(c) (Right to access information about data recipients in third countries); Articles 70(1)(v) and (w) (Board’s tasks to facilitate exchanges with supervisory authorities in third countries and exchanges of knowledge on data protection legislation with supervisory authorities worldwide); Article 96 (Relationship with previously concluded agreements of the EU Member States).


2018 ◽  
Vol 18 (4) ◽  
pp. 241-255 ◽  
Author(s):  
Simone Penasa ◽  
Iñigo de Miguel Beriain ◽  
Carla Barbosa ◽  
Anna Białek ◽  
Theodora Chortara ◽  
...  

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force. As with the Data Protection Directive (95/46/EC), the regulation of biobanks for scientific research will be profoundly affected by this reform. Accordingly, a comparative survey of some of the existing national regulatory frameworks is of value to aid understanding of whether and how EU Member States will need to realign their systems to ensure compliance with the new Regulation. This article provides a comparison of the positions of Member States in the Mediterranean and Eastern European area, focusing especially on the existing regulatory framework on biobanks, the definition of personal and genetic data, the pseudonymization process, the processing of personal data for medical research purposes (and its impact on the right to consent of the individuals involved) and the secondary use of such data. The article concludes that effective implementation of the EU GDPR will represent a decisive catalyst for adaptive harmonization of biobanks regulation in the European framework.

