scholarly journals Right to Customization: Conceptualizing the Right to Repair for Informational Privacy

2021 ◽  
Author(s):  
Aurelia Tamo-Larrieux ◽  
Zaira Zihlmann ◽  
Kimberly Garcia ◽  
Simon Mayer
Keyword(s):  
Data Protection ◽  
Privacy By Design ◽  
Informational Privacy ◽  
General Data Protection Regulation ◽  
Digital Service ◽  
Computer Scientists ◽  
User Data ◽  
General Data ◽  
To Come ◽  
The Right

Using a digital service is often framed in a binary way: Either one agrees to the service provider's data processing practices, and is granted access to the service, or one does not, and is denied the service. Many scholars have lamented these ‘take-it-or-leave-it’ situations, as this goes against the ideals of data protection law. To address this inadequacy, computer scientists and legal scholars have tried to come up with approaches to enable more privacy-friendly products and services. In this article, we call for a right to customize the processing of user data. Our arguments build upon technology-driven approaches as well as on the ideals of privacy by design and the now codified data protection by design and default norm within the General Data Protection Regulation. In addition, we draw upon the right to repair that is propagated to empower consumers and enable a more circular economy. We propose two technologically-oriented approaches, termed ‘variants’ and ‘alternatives’ that could enable the technical implementation of a right to customization. We posit that these approaches cannot be demanded without limitation, and that restrictions will depend on how reasonable a customization demand is.

scholarly journals Slave to the Algorithm? Why a 'right to an explanation' is probably not the remedy you are looking for

2017 ◽  
Author(s):  
Lilian Edwards ◽  
Michael Veale
Keyword(s):  
Data Protection ◽  
Design Data ◽  
General Data Protection Regulation ◽  
Law And Technology ◽  
Computer Scientists ◽  
General Data ◽  
Data Portability ◽  
The Right ◽  
War Stories ◽  
The Eu

Cite as Lilian Edwards and Michael Veale, 'Slave to the Algorithm? Why a 'right to an explanation' is probably not the remedy you are looking for' (2017) 16 Duke Law and Technology Review 18–84. (First posted on SSRN 24 May 2017)Algorithms, particularly machine learning (ML) algorithms, are increasingly important to individuals’ lives, but have caused a range of concerns revolving mainly around unfairness, discrimination and opacity. Transparency in the form of a “right to an explanation” has emerged as a compellingly attractive remedy since it intuitively promises to “open the black box” to promote challenge, redress, and hopefully heightened accountability. Amidst the general furore over algorithmic bias we describe, any remedy in a storm has looked attractive.However, we argue that a right to an explanation in the EU General Data Protection Regulation (GDPR) is unlikely to present a complete remedy to algorithmic harms, particularly in some of the core “algorithmic war stories” that have shaped recent attitudes in this domain. Firstly, the law is restrictive, unclear, or even paradoxical concerning when any explanation-related right can be triggered. Secondly, even navigating this, the legal conception of explanations as “meaningful information about the logic of processing” may not be provided by the kind of ML “explanations” computer scientists have developed, partially in response. ML explanations are restricted both by the type of explanation sought, the dimensionality of the domain and the type of user seeking an explanation. However, “subject-centric" explanations (SCEs) focussing on particular regions of a model around a query show promise for interactive exploration, as do explanation systems based on learning a model from outside rather than taking it apart (pedagogical vs decompositional explanations ) in dodging developers' worries of IP or trade secrets disclosure.Based on our analysis, we fear that the search for a “right to an explanation” in the GDPR may be at best distracting, and at worst nurture a new kind of “transparency fallacy.” But all is not lost. We argue that other parts of the GDPR related (i) to the right to erasure ("right to be forgotten") and the right to data portability; and (ii) to privacy by design, Data Protection Impact Assessments and certification and privacy seals, may have the seeds we can use to make algorithms more responsible, explicable, and human-centred.

scholarly journals Uchybienie przepisom o ochronie danych osobowych jako naruszenie dobra osobistego – analiza na przykładzie orzecznictwa Sądu Najwyższego

2019 ◽  
pp. 245-259
Author(s):  
Bernard Łukanko
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Right To Privacy ◽  
Professional Literature ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Right To Privacy ◽  
General Data ◽  
The Right ◽  
Personal Interests

The study is concerned with the issue of mutual relationship between the failure to comply with the laws on personal data protection and regulations relating to the protection of personal interests, including in particular the right to privacy. The article presents the views held by the Supreme Court with respect to the possibility of considering acts infringing upon the provisions of the Personal Data Protection Act of 1997 (after 24 May 2018) and of the General Data Protection Regulation (after 25 May 2018) as violation of personal interests, such as the right to privacy. The author shared the view of the case law stating that, if in specifc circumstances the processing of personal data violates the right to privacy, the party concerned may seek remedy on the grounds of Articles 23 and 24 of the Polish Civil Code. This position isalso relevant after the entry into force of the GDPR which, in a comprehensive and exhaustive manner, directly applicable in all Member States, regulates the issue of liability under civil law for infringements of the provisions of the Regulation, however, according to the position expressed in professional literature, it does not exclude the concurrence of claims and violation of the provisions on the protection of personal interests caused by a specifc event. In case of improper processing of personal data, the remedies available under domestic law on the protection of personal interests may be of particular importance outside the subject matter scope of the GDPR applicability. 

New Boundaries for the Right to Be Forgotten?

2020 ◽  
pp. 302-314
Author(s):  
Federica Casarosa ◽  
Dianora Poletti
Keyword(s):  
Supreme Court ◽  
Data Protection ◽  
Legal Framework ◽  
General Data Protection Regulation ◽  
National Courts ◽  
Right To Be Forgotten ◽  
The Supreme Court ◽  
General Data ◽  
Grand Chamber ◽  
The Right

The right to be forgotten has come to the forefront of the academic debate as a reaction to Court of Justice's decision in case C-507/17 Google LLC c. CNIL concerning the issue of geographical extension of the delisting obligation. Along with the development of CJEU jurisprudence, national courts have developed their own caselaw interpreting and adapting the right to be forgotten, now included in art 17 of the General Data Protection Regulation, to the pre-existing legal framework. Italian courts, and in particular the Italian Supreme Court, have addressed in several occasions the features and facets of the right to be forgotten, and the recent decision of the Grand Chamber (n. 19681, 22 July 2019) is the last though not the least. Starting form this decision, the chapter will analyse how the Supreme Court has attempted to systematise the right to be forgotten distinguishing what is called the traditional application of the right from the ones emerging in the digital context.

Oblivion Is Full of Memory

2021 ◽  
pp. 441-465
Author(s):  
Anabelen Casares Marcos
Keyword(s):  
Data Protection ◽  
Personal Information ◽  
Self Determination ◽  
Current Status ◽  
The Internet ◽  
General Data Protection Regulation ◽  
Legal Duty ◽  
General Data ◽  
The Right ◽  
The Eu

The right to informational self-determination has raised bitter debate over the last decade as to the opportunity and possible scope of the right to demand withdrawal from the internet of personal information which, while true, might represent a detriment that there is no legal duty to put up with. The leading case in this topic is that of Mario Costeja, Judgment of the EU Court of Justice, May 13, 2014. The interest of recent European jurisprudence lies not so much in the recognition of such a right but in the appreciation of certain limits to its implementation, assisting data protection authorities in balancing the rights at stake in each case. Reflection on the current status of the issue considers rights and duties imposed in the matter by Regulation (EU) 2016/679, of 27 April, known as the new General Data Protection Regulation.

The General Data Protection Regulation and the effective protection of data subjects’ rights in the online environment

2021 ◽  
Author(s):  
Mario Egbe Mpame
Keyword(s):  
Member State ◽  
Data Protection ◽  
New Right ◽  
Online Environment ◽  
State Law ◽  
Effective Protection ◽  
General Data Protection Regulation ◽  
Collective Redress ◽  
General Data ◽  
The Right

After an extensive overview of the GDPR, this work examines the new right to representation enshrined in Art. 80 (1) GDPR, which right permits data subjects to designate a competent association to exercise their rights to enforcement, including the right to obtain compensation, on condition that Member State law so permits. With this right being dependent on national law, this work examines how collective redress for data protection mass harm is dealt with in the major European jurisdictions, before giving an overview of the general EU situation and challenges encountered.

scholarly journals The Right to Data Portability: conception, status quo, and future directions

2021 ◽  
Author(s):  
Sophie Kuebler-Wachendorff ◽  
Robert Luzsa ◽  
Johann Kranz ◽  
Stefan Mager ◽  
Emmanuel Syrmoudis ◽  
...  
Keyword(s):  
Service Providers ◽  
Personal Data ◽  
The European Union ◽  
Future Directions ◽  
General Data Protection Regulation ◽  
Digital Service ◽  
General Data ◽  
Data Portability ◽  
The One ◽  
The Right

AbstractFor almost three years, the General Data Protection Regulation (GDPR) has been granting citizens of the European Union the right to obtain personal data from companies and to transfer these data to another company. The so-called Right to Data Portability (RtDP) promises to significantly reduce switching costs for consumers in digital service markets, provided that its potential is effectively translated into reality. Thus, of all the consumer rights in the GDPR, the RtDP has the potential to be the one with the most significant implications for digital markets and privacy. However, our research shows that the RtDP is barely known among consumers and can currently only be implemented in a fragmented manner—especially with regard to the direct transfer of data between online service providers. We discuss several ways to improve the implementation of this right in the present article.

The benefits and challenges of general data protection regulation for the information technology sector

2019 ◽  
Vol 21 (5) ◽  
pp. 510-524 ◽  
Author(s):  
Nazar Poritskiy ◽  
Flávio Oliveira ◽  
Fernando Almeida
Keyword(s):  
Information Technology ◽  
Data Protection ◽  
The State ◽  
Quantitative Methodology ◽  
Content Type ◽  
General Data Protection Regulation ◽  
European Data ◽  
General Data ◽  
The Right ◽  
The Impact

PurposeThe implementation of European data protection is a challenge for businesses and has imposed legal, technical and organizational changes for companies. This study aims to explore the benefits and challenges that companies operating in the information technology (IT) sector have experienced in applying the European data protection. Additionally, this study aims to explore whether the benefits and challenges faced by these companies were different considering their dimension and the state of implementation of the regulation.Design/methodology/approachThis study adopts a quantitative methodology, based on a survey conducted with Portuguese IT companies. The survey is composed of 30 questions divided into three sections, namely, control data; assessment; and benefits and challenges. The survey was created on Google Drive and distributed among Portuguese IT companies between March and April of 2019. The data were analyzed using the Stata software using descriptive and inferential analysis techniques using the ANOVA one-way test.FindingsA total of 286 responses were received. The main benefits identified by the application of European data protection include increased confidence and legal clarification. On the other hand, the main challenges include the execution of audits to systems and processes and the application of the right to erasure. The findings allow us to conclude that the state of implementation of the general data protection regulation (GDPR), and the type of company are discriminating factors in the perception of benefits and challenges.Research limitations/implicationsThis study has essentially practical implications. Based on the synthesis of the benefits and challenges posed by the adoption of European data protection, it is possible to assess the relative importance and impact of the benefits and challenges faced by companies in the IT sector. However, this study does not explore the type of challenges that are placed at each stage of the adoption of European data protection and does not take into account the specificities of the activities carried out by each of these companies.Originality/valueThe implementation of the GDPR is still in an initial phase. This study is pioneering in synthesizing the main benefits and challenges of its adoption considering the companies operating in the IT sector. Furthermore, this study explores the impact of the size of the company and the status of implementation of the GDPR on the perception of the established benefits and challenges.

scholarly journals Can the Internet Forget? – Rhe Eight to be Forgotten in the EU Law and its Actual Impact on the Internet. Comparison of the Approaches Towards the Notion and Assessment of its Effectiveness

2020 ◽  
Vol 9 (1) ◽  
pp. 86-101
Author(s):  
Aleksandra Gebuza
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The Internet ◽  
Eu Law ◽  
General Data Protection Regulation ◽  
Actual Impact ◽  
Right To Be Forgotten ◽  
General Data ◽  
The Right ◽  
The Eu

AbstractThe main aim of the article is to provide analysis on the notion of the right to be forgotten developed by the CJEU in the ruling Google v. AEPD & Gonzalez and by the General Data Protection Regulation within the context of the processing of personal data on the Internet. The analysis provides the comparison of approach towards the notion between European and American jurisprudence and doctrine, in order to demonstrate the scale of difficulty in applying the concept in practice.

Sign in / Sign up

Export Citation Format

Share Document