scholarly journals Data protection impact assessments in the European Union: complementing the new legal framework towards a more robust protection of individuals

2020 ◽  
Author(s):  
Dariusz Kloza ◽  
Niels van Dijk ◽  
Raphaël Gellert ◽  
István Böröcz ◽  
Alessia Tanas ◽  
...  
Keyword(s):  
European Union ◽  
Impact Assessment ◽  
Data Protection ◽  
Best Practice ◽  
Personal Data ◽  
Legal Framework ◽  
Background Information ◽  
The European Union ◽  
Legal Provisions ◽  
The Eu

This paper provides recommendations for the European Union (EU) to complement the requirement for data protection impact assessment (DPIA), as set forth in the General Data Protection Regulation (GDPR), with a view of achieving a more robust protection of personal data. In April 2016 the EU concluded the core part of the reform of its legal framework for personal data protection. The Union is currently preparing implementing measures and guidelines to give full effect to the new legal provisions before their applicability from May 2018. This reform introduces, among other ‘novelties’, a legal requirement to conduct a DPIA. However, this requirement bears a few weak points. In order to inform this on-going policy-making process, the present policy brief attempts to draft a best practice for a generic type of impact assessment, i.e. recommended for different areas (section II). Section III makes an early evaluation of how this best practice relates to the specific impact assessment requirement set forth in the GDPR, i.e. DPIA. These sections are preceded by succinct background information on impact assessments as such: definition, historical overview, and their merits and drawbacks (section I). Section IV concludes this paper by offering recommendations for complementing the DPIA requirement in the GDPR: (1) to expand the scope of the DPIA requirement in the GDPR; (2) to develop methods for conducting such an assessment; (3) to establish ‘reference centres’ on DPIA at data protection authorities (DPAs). This policy brief is addressed predominantly to policy-makers at the EU- and Member State-level, notwithstanding the potential interest it might gain from their counterparts elsewhere in the world.

scholarly journals The European Union and the Search for an International Data Protection Framework

2014 ◽  
Vol 2 (2) ◽  
pp. 55 ◽  
Author(s):  
Christopher Kuner
Keyword(s):  
European Union ◽  
Data Protection ◽  
Legal Framework ◽  
Fundamental Rights ◽  
The European Union ◽  
International Data ◽  
Data Protection Law ◽  
Eu Fundamental Rights ◽  
Global Data ◽  
The Eu

The European Union (EU) has supported the growing calls for the creation of an international legal framework to safeguard data protection rights. At the same time, it has worked to spread its data protection law to other regions, and recent judgments of the Court of Justice of the European Union (CJEU) have reaffirmed the autonomous nature of EU law and the primacy of EU fundamental rights law. The tension between initiatives to create a global data protection framework and the assertion of EU data protection law raises questions about how the EU can best promote data protection on a global level, and about the EU’s responsibilities to third countries that have adopted its system of data protection.

scholarly journals Artificial intelligence, Digital Single Market and the proposal of a right to fair and reasonable inferences: a legal issue between ethics and techniques

2019 ◽  
Vol 5 (2) ◽  
pp. 75-91
Author(s):  
Alexandre Veronese ◽  
Alessandra Silveira ◽  
Amanda Nunes Lopes Espiñeira Lemos
Keyword(s):  
Artificial Intelligence ◽  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Legal Framework ◽  
Single Market ◽  
Legal Issue ◽  
The European Union ◽  
European Union Law ◽  
General Data Protection Regulation

The article discusses the ethical and technical consequences of Artificial intelligence (hereinafter, A.I) applications and their usage of the European Union data protection legal framework to enable citizens to defend themselves against them. This goal is under the larger European Union Digital Single Market policy, which has concerns about how this subject correlates with personal data protection. The article has four sections. The first one introduces the main issue by describing the importance of AI applications in the contemporary world scenario. The second one describes some fundamental concepts about AI. The third section has an analysis of the ongoing policies for AI in the European Union and the Council of Europe proposal about ethics applicable to AI in the judicial systems. The fourth section is the conclusion, which debates the current legal mechanisms for citizens protection against fully automated decisions, based on European Union Law and in particular the General Data Protection Regulation. The conclusion will be that European Union Law is still under construction when it comes to providing effective protection to its citizens against automated inferences that are unfair or unreasonable.

scholarly journals ESTUDO SOBRE A REALIZAÇÃO DO DIREITO DA PROTECÇÃO DE DADOS PESSOAIS ATRAVÉS DA JURISPRUDÊNCIA DO TRIBUNAL DE JUSTIÇA DA UNIÃO EUROPEIA

2020 ◽  
Vol 29 (1) ◽  
Author(s):  
Rita De Sousa Costa
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Case Law ◽  
Legal Framework ◽  
The European Union ◽  
Personal Data Protection ◽  
Court Of Justice ◽  
European Data ◽  
Data Protection Law

[PT]No presente texto, apresentamos as grandes linhas de aplicação do direito europeu da protecção de dados conforme gizadas pela jurisprudência do TJUE, com o objectivo de demonstrar como e em que medida este Tribunal modelou – e continua a modelar – o quadro jurídico em vigor, na certeza de que aquela jurisprudência impõe um conjunto de desafios determinantes para a realização material do direito europeu da protecção de dados pessoais. [ESP]Este texto presenta las líneas generales de la aplicación de la legislación europea de protección de datos tal como se establece en la jurisprudencia del TJUE, con el objetivo de demostrar cómo y en qué medida este Tribunal ha configurado -y sigue configurando- el marco jurídico vigente, con la certeza de que la dicha jurisprudencia plantea una serie de retos cruciales para la aplicación material del derecho europeo de la protección de datos personales. [ENG]This text outlines the implementation of the European data protection law as laid down in the case-law of the Court of Justice of the European Union, with the aim of demonstrating how and to what extent the Court has shaped – and continues to shape – the current legal framework. The case-law analysed points out a plethora of challenges which are key to the implementation of the European personal data protection law.

scholarly journals L’invalidità del Safe Harbor Agreement

2018 ◽  
Author(s):  
Fabiana Accardo
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Safe Harbor ◽  
The European Union ◽  
Court Of Justice ◽  
The Us ◽  
Data Protection Law ◽  
The Impact ◽  
The Eu

The purpose of this article is that to explain the impact of the landmark decision Schrems c. Data Protection Commissioner [Ireland] - delivered on 7 October 2015 (Case C-362/2014 EU) by the Court of Justice - on the European scenario. Starting from a brief analysis of the major outcomes originated from the pronunciation of the Court of Justice, then it tries to study the level of criticality that the Safe Harbor Agreement and the subsequently adequacy Commission decision 2000/520/EC – that has been invalidated with Schrems judgment – have provoked before this pronunciation on the matter of safeguarding personal privacy of european citizens when their personal data are transferred outside the European Union, in particular the reference is at the US context. Moreover it focuses on the most important aspects of the new EU-US agreement called Privacy Shield: it can be really considered the safer solution for data sharing in the light of the closer implementation of the Regulation (EU) 2016/679, which will take the place of the Directive 95 /46/CE on the EU data protection law?

scholarly journals Equality and Diversity Management Inside the Institutions of the European Union

2020 ◽  
Vol 12 (1) ◽  
pp. 223-240
Author(s):  
Silvia Manessi
Keyword(s):  
European Union ◽  
English Language ◽  
Diversity Management ◽  
Legal Framework ◽  
Equal Treatment ◽  
The European Union ◽  
Legal Provisions ◽  
Starting Point ◽  
Equality And Diversity ◽  
The Eu

The aim of this paper is to analyse the legal framework regulating the careers of civil servants working for the EU institutions and reveal how the values of equality and diversity are communicated and embedded in their daily lives. The research examines the English language used in the HR legal framework of the EU institutions and explores the linguistic aspects related to equality and diversity management and inclusive language. The starting point of this research is the idea that the European Union is based on the values of democracy, the rules of law and the equal treatment of its citizen, who are celebrated for their diversity. It is thus highly relevant to look at the EU in action and see if it is consistent in the understanding and application of these values. The methodological approach of this research entailed the creation and analysis of a unique corpus composed of all the applicable HR legal provisions in force within the EU institutions, and the examination of the linguistic features (word lists by frequency, concordances, collocations and lexical bundles) of the terminology related to four different areas of equality and diversity – the LGBTI community, gender, the elderly and persons with a disability – with the final aim to take stock of the related developments in the use of the English language. The results indicate that the language used in the EU HRM legal framework is not in line with the EU values of equality and diversity, and the research concludes with highlighting possible improvements of the language used in the corpus.

scholarly journals Developing The Personal Data Protection In The European Union: A Consumer-Oriented Approach The Romanian Experience

2008 ◽  
Vol 12 (1) ◽  
pp. 63-74
Author(s):  
Calin Veghes
Keyword(s):  
European Union ◽  
Data Protection ◽  
Direct Marketing ◽  
Personal Data ◽  
Legal Framework ◽  
Public Institutions ◽  
Legal Rights ◽  
The European Union ◽  
Personal Data Protection ◽  
Laws And Regulations

Protection of personal data represents a relatively recent concern for all the entities consumers, organizations and public institutions involved in the development of the direct marketing industry and the overall Romanian market. Noteworthy growth of the direct marketing campaigns, increase in the consumer demands and expectations and the background provided by the countrys adhesion to the European Union, have determined a strong necessity to build up a legal framework for protection of the personal data. Important steps have been made when laws no. 677 (on the protection of the personal data in terms of their processing and free circulation - 2001), no. 506 (on the processing of personal data and protection of privacy in the electronic communications sector - 2004) and no. 102 (regarding the setting up, organization and functioning of the National Supervisory Authority for Personal Data Processing - 2005) have been issued. Adoption of the Directive no. 95/46/EC has connected Romanian and European Union legal framework of the personal data protection. Enforcement of the existing legal background has revealed several problems that have affected activities conducted mainly by the direct marketing and marketing research companies. Relatively unclear definition of the content of personal data to be protected appeared to be one of the most important. From this point, at least the following questions should be answered:what is the specific meaning of the personal data? What data is personal and must be protected through dedicated laws and regulations?are public initiatives best ways and public institutions sole entities to handle the development of an effective legal background for the personal data protection?how important is the voice of the consumers in the process of development of a regulatory environment in this area? Should those to be protected represent the main source of initiating and building the related legal framework?An exploratory survey on a sample including 96 Romanian urban consumers aged 18 to 45 has been conducted aiming to provide information on the: importance of the data protection for the consumers, main characteristics of the data protection legal environment (area of protection, public-private, respectively national-international relationships in terms of the data protection, need for national or international laws and regulations), content of the personal data to be protected by a more precisely defined object of the law, consumer preferences regarding the opt-in and opt-out mechanisms, knowledge associated to the legal rights of consumers related to the personal data protection as they are granted through the existing law, major risks associated with the absence or improper personal data protection mechanisms, consumers exposure to the personal communication media, preferences for personal sources of information and perceived importance of personalization as potential factors to be considered for the development of the personal data protection legal framework, opportunity to develop and implement a Robinson list.Results of the survey may serve as a starting point for a future research conducted at the level of a national representative sample and the Romanian experience may be considered for the upcoming effort to develop a legal framework of the personal data protection in the European Union based on the consumers views, needs and expectations.

scholarly journals DEVELOPMENT OF THE PERSONAL DATA PROTECTION FRAMEWORK – WILL THE PANDEMIC BRING NEW CHANGES?

2021 ◽  
Vol 12 ◽  
pp. 59-66
Author(s):  
Marta Mackeviča ◽  
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Legal Framework ◽  
Point Of View ◽  
The European Union ◽  
Personal Privacy ◽  
General Data Protection Regulation ◽  
Complex Concept ◽  
Personal Data Protection

The General Data Protection Regulation (hereinafter – the Regulation), which entered into force on 25 May 2018 and introduced a new legal framework for the protection of personal data in the European Union, also included a number of new rights, more precise definitions and improvements in the field of personal data protection. The three‐year period has shown that the Regulation has successfully replaced Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement ofsuch data, but the Covid‐19 pandemic posed the question: does the Regulation sufficiently define and explain how controllers should deal with the processing of sensitive data, or in situations where employees of companies and institutions work remotely? Data protection is a complex concept that can be analyzed from both a legal and a social point of view. Traditionally, data protection has been referred to as the protection of personal privacy in the context of processes involving the use of personal data. Prior to the implementation of the Regulation, the existing rules on the protection of personal data in the European Union were not sufficiently uniform and were implemented differently in each Member State. It contributed to the development and implementation of the Regulation, in the hope that it would modernize and promote a common data protection regime, while maintaining all the basic principles of data protection that have been followed so far. Prior to the pandemic, the Regulation successfully achieved its original objectives, but hasthe pandemic necessitated a revision of the Regulation? This article will analyze the development of the legal framework for the protection of personal data and analyze the compliance of the Regulation with the requirements arising from the effects of the pandemic.

scholarly journals Those Who Shall Be Identified: The Data Protection Aspects of the Legal Framework for Electronic Identification in the European Union

2021 ◽  
Vol 11 (2) ◽  
pp. 3-24
Author(s):  
Jozef Andraško ◽  
Matúš Mesarčík
Keyword(s):  
European Union ◽  
Data Processing ◽  
Data Protection ◽  
Mutual Recognition ◽  
Personal Data ◽  
Legal Framework ◽  
The European Union ◽  
General Data Protection Regulation ◽  
General Data

Abstract The article focuses on the intersections of the regulation of electronic identification as provided in the eIDAS Regulation and data protection rules in the European Union. The first part of the article is devoted to the explanation of the basic notions and framework related to the electronic identity in the European Union— the eIDAS Regulation. The second part of the article discusses specific intersections of the eIDAS Regulation with the General Data Protection Regulation (GDPR), specifically scope, the general data protection clause and mainly personal data processing in the context of mutual recognition of electronic identification means. The article aims to discuss the overlapping issues of the regulation of the GDPR and the eIDAS Regulation and provides a further guide for interpretation and implementation of the outcomes in practice.

scholarly journals Ocena skutków dla ochrony danych

2020 ◽  
pp. 161-180
Author(s):  
Aleksandra Pyka
Keyword(s):  
Data Processing ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Supervisory Authority ◽  
Legal Provisions ◽  
The Impact ◽  
General Regulation ◽  
The Eu

This article deals with the issue of impact assessment for the protection of personal data. This is a new obligation for the controller. The article presents the essence of impact assessment (DPIA), exclusion from the obligation to carry it out, the prerequisite for mandatory DPIA, the role of the data protection officer and the powers of the supervisory authority. The analysis of legal provisions related to the impact assessment presented here does not refer to specific situations, due to the wide scope for interpreting specific phrases contained in the General Regulation. Nevertheless, the article discusses the issue of conducting data protection impact assessments as one of the most problematic obligations incumbent on the controller, who in practice raises many doubts. The DPIA has been imprecisely regulated by the EU legislator, thus leaving controllers plenty of leeway to interpret the terms used in the General Regulation. In addition, carrying out a DPIA in practice (as a new obligation on entities setting the purposes and means of data processing) can be problematic due to the lack of harmonized methods for conducting a data protection impact assessment. However, controllers cannot assign DPIA implementation to other entities involved in data processing, such as an entity processing personal data on behalf of another. Entities setting the purposes and methods of data processing should not only take into account the provisions of the General Regulation but also a list of data processing operations that are obligatorily subject to DPIA. Controllers fulfilling the obligation to carry out a data protection impact assessment will be obliged by the supervisory authority to demonstrate how to carry out a data protection impact assessment.

scholarly journals Data Protection in the EU and its Implications on Software Development outside the EU

2019 ◽  
Vol 24 (1) ◽  
pp. 1-5
Author(s):  
Ralf Kneuper
Keyword(s):  
European Union ◽  
Software Development ◽  
Data Protection ◽  
Personal Data ◽  
Software Requirements ◽  
The European Union ◽  
General Data Protection Regulation ◽  
It Systems ◽  
General Data ◽  
The Eu

In May 2018, the General Data Protection Regulation (GDPR 2016) came into effect in the European Union (EU), defining requirements on how to handle personal data of EU citizens. This report discusses the effects of this regulation on software development organisations outside the EU, and summaries the software requirements that result from GDPR and therefore apply to most information technology (IT) systems that will handle data of individuals based in the EU.

Sign in / Sign up

Export Citation Format

Share Document