The (Extra-)territorial Scope Rules of the New European Data Protection Law from a Private International Law Perspective—A Model for South Africa?

2021 ◽  
Vol 54 (1) ◽  
Author(s):  
Jonas Baumann ◽  
Nazreen Ismail
Keyword(s):  
International Law ◽  
Data Protection ◽  
Business Models ◽  
Personal Information ◽  
Legal Framework ◽  
Private International Law ◽  
General Data Protection Regulation ◽  
Technical Developments ◽  
Rules And Principles ◽  
Data Protection Law

Novel technical developments are a source for new business models and, at the same time, a challenge for legal systems and in particular data protection laws. A fundamental challenge in this respect is the delocalisation of data proceedings enabled by modern technologies. In addition, most cases related to such new data driven business models contain foreign elements. From a data protection perspective this raises numerous legal questions, related to the territorial scope of data protection instruments and their relation to the established rules and principles of private international law. The European General Data Protection Regulation (GDPR) addresses the delocalisation with extra-territorial scope rules, but the discussion on how those provisions are embedded in the legal framework of private international law has only started. This article will address those questions in context of the GDPR and the South African Protection of Personal Information Act (POPIA) from a comparative perspective. After a brief overview of the GDPR, the requirements of the territorial scope rules of Articles 3(1) and (2) GDPR will be examined. Thereafter, the doctrinal classification of these rules within the established categories of private international law and the question of whether a choice of the applicable data protection law is permitted within the legal framework of the EU will be investigated. In conclusion, the article examines the territorial scope of the POPIA and provides recommendations for an improvement of the existing rules de lege ferenda.

In/acceptable marketing and consumers' privacy expectations: four tests from EU data protection law

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Gianclaudio Malgieri
Keyword(s):  
Data Protection ◽  
Legal Framework ◽  
Online Marketing ◽  
Step Test ◽  
The European Union ◽  
Content Type ◽  
General Data Protection Regulation ◽  
Managerial Implications ◽  
Data Protection Law ◽  
Legal Frameworks

Purpose This study aims to discover the legal borderline between licit online marketing and illicit privacy-intrusive and manipulative marketing, considering in particular consumers’ expectations of privacy. Design/methodology/approach A doctrinal legal research methodology is applied throughout with reference to the relevant legislative frameworks. In particular, this study analyzes the European Union (EU) data protection law [General Data Protection Regulation (GDPR)] framework (as it is one of the most advanced privacy laws in the world, with strong extra-territorial impact in other countries and consequent risks of high fines), as compared to privacy scholarship on the field and extract a compliance framework for marketers. Findings The GDPR is a solid compliance framework that can help to distinguish licit marketing from illicit one. It brings clarity through four legal tests: fairness test, lawfulness test, significant effect test and the high-risk test. The performance of these tests can be beneficial to consumers and marketers in particular considering that meeting consumers’ expectation of privacy can enhance their trust. A solution for marketers to respect and leverage consumers’ privacy expectations is twofold: enhancing critical transparency and avoiding the exploitation of individual vulnerabilities. Research limitations/implications This study is limited to the European legal framework scenario and to theoretical analysis. Further research is necessary to investigate other legal frameworks and to prove this model in practice, measuring not only the consumers’ expectation of privacy in different contexts but also the practical managerial implications of the four GDPR tests for marketers. Originality/value This study originally contextualizes the most recent privacy scholarship on online manipulation within the EU legal framework, proposing an easy and accessible four-step test and twofold solution for marketers. Such a test might be beneficial both for marketers and for consumers’ expectations of privacy.

Protecting Genetic Privacy in Biobanking through Data Protection Law

2021 ◽  
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Critical Infrastructure ◽  
Legal Framework ◽  
Privacy Rights ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
General Data ◽  
Research Biobanks ◽  
The Subject ◽  
Data Protection Law

Biobanks are critical infrastructure for medical research. Biobanks, however, are also the subject of considerable ethical and legal uncertainty. Given that biobanks process large quantities of genomic data, questions have emerged as to how genetic privacy should be protected. What types of genetic privacy rights and rights holders should be protected and to what extent? Since 25 May 2018, the General Data Protection Regulation (GDPR) has applied and now occupies a key position in the European legal framework for the regulation of biobanking. This book takes an in-depth look at the function, problems, and opportunities presented by European data protection law under the GDPR as a framework for the protection of genetic privacy in biobanking. It argues that the substantive framework presented by the GDPR already offers an admirable baseline level of protection for the range of genetic privacy rights engaged by biobanking. The book further contends that while numerous problems with this standard of protection are indeed identifiable, the GDPR offers the flexibility to accommodate solutions to these problems, as well as the procedural mechanisms to realise these solutions.

Conflicts of Law in Privacy, Data Protection, and Defamation Disputes: German and English Law

2021 ◽  
pp. 369-405
Author(s):  
Julia Hörnle
Keyword(s):  
International Law ◽  
Data Protection ◽  
Conflicts Of Interest ◽  
Private International Law ◽  
Internet Communication ◽  
General Data Protection Regulation ◽  
Applicable Law ◽  
Personality Rights ◽  
General Data ◽  
Brussels Regulation

Chapter 11 provides a critical analysis of private international law with regard to disputes based on torts between private parties arising from infringements of privacy and data protection rights, and defamation, committed by internet communication. This is a fast-developing and changing area. It compares the private international law rules in Germany and England. The proceedings examined in this chapter are civil litigation, as opposed to judicial review of administrative action (Chapter 7). The chapter covers the harmonized rules under the Brussels Regulation and, in particular, the jurisprudence in respect of the mosaic rule established in Shevill and the rules on civil jurisdiction in the General Data Protection Regulation (GDPR). Additionally, where the Brussels Regulation does not apply, it examines in detail the national rules of jurisdiction in Germany and England, in particular the “conflicts of interest” test in Germany, and, for defamation cases in England, the new test on the most appropriate place under the Defamation Act 2013. Since the rules on applicable law for privacy, defamation, and other personality rights cases are not harmonized in the Rome II Regulation, national law prevails. The rules in Germany and England are analysed—contrasting and comparing the approaches in internet cases. It unravels the extraordinarily complicated and twisted knot of jurisdiction and applicable law in the area of personality rights infringements online and brings some clarity to this area. It concludes with some robust suggestions for improving the rules on jurisdiction and applicable law to provide a better balance of conflicting interests.

scholarly journals An Urgent Suggestion to Pour Old Wine into New Bottles: Comment on “A New Jurisprudential Framework for Jurisdiction”

AJIL Unbound ◽  
2015 ◽  
Vol 109 ◽  
pp. 81-85 ◽  
Author(s):  
Cedric Ryngaert
Keyword(s):  
International Law ◽  
Data Protection ◽  
Legal Framework ◽  
The Internet ◽  
Technological Evolution ◽  
International Jurisdiction ◽  
Cross Border ◽  
Data Protection Law ◽  
Informed Reader ◽  
Previous Scholarship

Dan Svantesson is quickly establishing himself as a leading voice in the field or jurisdiction. Coming to this field from Internet and data protection law, he is surely well placed to criticize the current legal framework of international jurisdiction in light of technological evolution, which has made territoriality lose its salience as the cornerstone of jurisdiction. I myself have recently been characterized as one of the border guards of territoriality, on the basis of my earlier monograph on Jurisdiction in International Law. Accordingly, the informed reader might believe that I will severely criticize as iconoclastic such a proposal as Svantesson’s namely, doing away with territoriality as the very linchpin of jurisdiction. As it happens, however, I largely concur with Svantesson’s ideas, at least to the extent they apply to cross-border transactions via the Internet. In this contribution, I argue that the reality of a de-territorialized Internet necessitates jurisdictional rethinking, but that this rethinking in fact heavily relies on previous scholarship, predating the Internet era. The advent of the current era, however, has lent particular urgency to those earlier proposals.

Enhancing Compliance under the General Data Protection Regulation: The Risky Upshot of the Accountability- and Risk-based Approach

2018 ◽  
Vol 9 (3) ◽  
pp. 502-526 ◽  
Author(s):  
Claudia QUELLE
Keyword(s):  
Data Protection ◽  
Fundamental Rights ◽  
New Approach ◽  
General Data Protection Regulation ◽  
Legal Norms ◽  
Improve Compliance ◽  
Rules And Principles ◽  
General Data ◽  
Data Protection Law ◽  
Fundamental Rights And Freedoms

The risk-based approach has been introduced to the General Data Protection Regulation (GDPR) to make the rules and principles of data protection law “work better”. Organisations are required to calibrate the legal norms in the GDPR with an eye to the risks posed to the rights and freedoms of individuals. This article is devoted to an analysis of the way in which this new approach relates to “tick-box” compliance. How can the law enhance itself? If handled properly by controllers and supervisory authorities, the risk-based approach can bring about a valuable shift in data protection towards substantive protection of fundamental rights and freedoms. While the risk-based approach has a lot of potential, it also has a risk of its own: it relies on controllers to improve compliance, formulating what it means to attain compliance 2.0.

EU Data Protection Law: The Review of Directive 95/46/EC and the General Data Protection Regulation

2017 ◽  
Author(s):  
Peter Hustinx
Keyword(s):  
Data Protection ◽  
Legal Framework ◽  
Fundamental Rights ◽  
Full Potential ◽  
General Data Protection Regulation ◽  
Gradual Development ◽  
Charter Of Fundamental Rights ◽  
General Data ◽  
Data Protection Law ◽  
The Difference

This chapter looks at the origins and the current state of EU data protection law, and highlights the context of the ongoing review of Directive 95/46/EC as its key instrument, as well as the main lines of the proposed General Data Protection Regulation which will replace the Directive in the near future. The analysis shows a gradual development along two lines: one aiming at stronger rights in order to provide more effective protection, and one ensuring more consistent application of those rights across the EU. It also demonstrates the increasing impact of the Charter of Fundamental Rights, both in the case law of the Court of Justice and in the review of the legal framework. At the same time, it is argued that a lack of awareness of the difference in character between Articles 7 and 8 of the Charter could prevent Article 8 from reaching its full potential.

Kommunikation, Kreation und Innovation - Recht im Umbruch?

2019 ◽  
Keyword(s):  
Data Protection ◽  
Industry 4.0 ◽  
Credit Scoring ◽  
Copyright Law ◽  
General Data Protection Regulation ◽  
Technical Developments ◽  
General Data ◽  
Data Protection Law ◽  
Artificial Intelligence Systems

The conference transcript deals with current challenges facing the legal fields of intellectual property, media, competition and data protection law, primarily due to technical developments and the resulting changes in legislation. Examples of this are artificial intelligence systems that call into question essential principles of current patent and copyright law. However, it also deals with questions concerning the legal classification of search engines, social bots and other internet intermediaries, as well as questions of the data protection requirements for bloggers, street photographers and credit scoring, which need to be clarified in particular by the new General Data Protection Regulation. The book also focuses on the regulatory options for "Industry 4.0" data markets and the new directive on copyright in the digital single market. With contributions by Stefan Papastefanou, David Linke, Katrin Giere und Dorothea Heilmann, Azim Semizoglu, Hanno Magnus, Jens Milker, Stefan Michel, Katharina Wunner, André Reinelt, David Kleß, Tobias Endrich-Laimböck, Justus Duhnkrack, Susan Bischoff

scholarly journals Criminal justice profiling and EU data protection law: precarious protection from predictive policing

2019 ◽  
Vol 15 (2) ◽  
pp. 162-176 ◽  
Author(s):  
Orla Lynskey
Keyword(s):  
Data Protection ◽  
Legal Framework ◽  
Predictive Policing ◽  
General Data Protection Regulation ◽  
Court Of Justice ◽  
Specific Assessment ◽  
General Data ◽  
Data Protection Law ◽  
Context Specific ◽  
The Eu

AbstractThis paper examines the application of the latest iterations of EU data protection law – in the General Data Protection Regulation, the Law Enforcement Directive and the jurisprudence of the Court of Justice of the EU – to the use of predictive policing technologies. It suggests that the protection offered by this legal framework to those impacted by predictive policing technologies is, at best, precarious. Whether predictive policing technologies fall within the scope of the data protection rules is uncertain, even in light of the expansive interpretation of these rules by the Court of Justice of the EU. Such a determination would require a context-specific assessment that individuals will be ill-placed to conduct. Moreover, even should the rules apply, the substantive protection offered by the prohibition against automated decision-making can be easily sidestepped and is subject to significant caveats. Again, this points to the conclusion that the protection offered by this framework may be more illusory than real. This being so, there are some fundamental questions to be answered – including the question of whether we should be building predictive policing technologies at all.

The Impact of the GDPR on Extra-EU Legal Systems

2020 ◽  
pp. 224-237
Author(s):  
Maria Casoria ◽  
Eman Mahmood AlSarraf
Keyword(s):  
United Arab Emirates ◽  
Data Protection ◽  
Arabian Gulf ◽  
Personal Data ◽  
Legal Framework ◽  
Legal Systems ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Data Protection Law ◽  
Regional Organisation

The chapter discusses the influence of the General Data Protection Regulation (GDPR) on legal systems extra-EU and particularly the Kingdom of Bahrain, country member to a regional organisation located in the Arabian Gulf denominated Gulf Cooperation Council (GCC), which is exclusive to six states (i.e., Saudi Arabia, United Arab Emirates, Oman, Qatar, and Kuwait in addition to Bahrain). Amongst these countries, Bahrain is the only one that has recently enacted its own separate Personal Data Protection Law (PDPL) mostly resembling the GDPR due to the ever-increasing commercial relationship with business undertakings in Europe. Moreover, the adoption of the data protection law counts as a huge leap forward taken by the kingdom in reforming its legal framework, since it is the state's striving strategy to grow into a midpoint for data centre, just on time for the launch of data centres opening in Bahrain that are endorsed by Amazon Web Services.

Sign in / Sign up

Export Citation Format

Share Document