COVID-19 and Applicable Law to Transnational Personal Data: Trends and Dynamics

2021
Author(s):  
Jie Huang

The recent COVID-19 outbreak has pushed the tension of protecting personal data in a transnational context to an apex. Using a real case where the personal data of an international traveller was illegally released by Chinese media, the paper identifies that three trends have emerged at each stage of conflict-of-laws analysis for lex causae: (1) the EU, the US, and China characterize the right to personal data differently, (2) the spread-out unilateral applicable law approach comes from the fact that all three jurisdictions either consider the law for personal data protection as a mandatory law or adopt connecting factors leading to the law of the forum, and (3) the EU and China strongly advocate de-Americanisation of substantive data protection laws. The trends and their dynamics provide valuable implications for developing the choice of laws for transnational personal data. First, this finding informs parties that jurisdiction is a predominant issue in data breach cases because courts and regulators would apply the forum law. Second, currently there is no international treaty or model law on choice-of-law issues for transnational personal data. International harmonization efforts will be a long and difficult journey considering how the trends demonstrate not only the states’ irreconcilable interests, but also how states may consider these interests as their fundamental values that they do not want to trade off. Therefore, for states and international organisations, a feasible priority is to achieve regional coordination or interoperation among states with similar values on personal data protection.

2020
Vol 21 (6)
pp. 1283-1308
Author(s):  
Jie (Jeanne) Huang

Abstract: The recent COVID-19 outbreak has pushed the tension of protecting personal data in a transnational context to an apex. Using a real case where the personal data of an international traveler was illegally released by Chinese media, this Article identifies three trends that have emerged at each stage of conflict-of-laws analysis for lex causae: (1) The EU, the US, and China characterize the right to personal data differently; (2) the spread-out unilateral applicable law approach comes from the fact that all three jurisdictions either consider the law for personal data protection as a mandatory law or adopt connecting factors leading to the law of the forum; and (3) the EU and China strongly advocate de-Americanization of substantive data protection laws. The trends and their dynamics provide valuable implications for developing the choice of laws for transnational personal data. First, this finding informs parties that jurisdiction is a predominant issue in data breach cases because courts and regulators would apply the law of the forum. Second, currently, there is no international treaty or model law on choice-of-law issues for transnational personal data. International harmonization efforts will be a long and difficult journey considering how the trends demonstrate not only the states’ irreconcilable interests but also how states may consider these interests as their fundamental values that they do not want to trade off. Therefore, for states and international organizations, a feasible priority is to achieve regional coordination or interoperation among states with similar values on personal data protection.


2017
Vol 8 (4)
pp. 700-722
Author(s):  
Patrycja DĄBROWSKA-KŁOSIŃSKA

Abstract: The article tackles the issue of personal data protection in case of tracing (looking for) individual persons who have been exposed to health risks pursuant to the EU Decision 1082/2013 on Serious, Cross-border Health Threats. This problem exemplifies just one among many challenges of the health-security nexus in the EU. That is, it regards a certain trade-off between the limitation of individual rights and securing populations’ safety. The text appraises the safeguards for the (lawful) limitation of the right to data protection after an in-depth examination of the provisions of the Health Threats Decision, its implementing measures, the reports on its operation, and in light of the general EU data protection laws. In conclusion, it claims that a number of improvements are needed because of the incompleteness, and the insufficient coherence and transparency of the EU regime for health threats. The established shortcomings are, at least in part, caused by the new EU “integrated approach” to health and security. In effect, an overall philosophy of reforms of public health policy in the name of “all-hazards security” applied in the Health Threats Decision can result in a reduction of the adequate level of protection of individuals’ personal data.


2021
Vol 28
pp. 51-73
Author(s):  
Monika Jagielska
Mariusz Jagielski

The main purpose of this study is to determine which conflict of law rules constitute the basis for the search for the law applicable to private-law compensation claims provided for in Article 82 of the GDPR, and whether it is possible to apply the Rome II Regulation on the law applicable to non-contractual obligations in this regard. The authors first set out the main features of the claim, with particular emphasis on those areas where discrepancies may arise at the level of national law. They then qualify the claim as a tortious one, which leads them to pose a question about the applicability of the Rome II Regulation in this case. Special attention is given to the relationship between privacy and personal data protection. The authors argue that these two spheres have become gradually separated from each other and finally, under GDPR, claims for damages for a breach of personal data protection are independent of claims for an infringement of personal rights. Consequently, they assume that the law applicable to a claim under Article 82 of the GDPR should be indicated on the basis of the Rome II Regulation, despite the doubts arising from the exclusion provided for in Article 1.2.g Rome II. If this approach is accepted, it will have significant consequences for the harmonisation of the application of the GDPR in the EU Member States, and for achieving the harmonisation of decisions at the level of national law.


2018
Vol 21 (7)
pp. 27-44
Author(s):  
Ewa Kulesza

The right to the protection of personal data, which is part of the right to privacy, is a fundamental human right. Thus, its guarantees were included in the high-level regulations of the European Union as well as the legal norms of the EU Member States. The first Polish law regulating the protection of personal data was adopted in 1997 as the implementation of EU Directive 95/46. The law imposed a number of obligations on public and private entities which process personal data in order to protect the rights of data subjects and, in particular, to guarantee them the ability to control the correctness of processing of their personal data. Therefore, the law obliged data controllers to process data only on the basis of the premises indicated in the legislation, to adequately secure data, and to comply with the disclosure obligation concerning data subjects, including their right to correct false or outdated data or to request removal of data processed in violation of the law. However, as complaints directed by citizens to the supervisory body—the Inspector General for Personal Data Protection—showed, personal data controllers, especially those operating in the private sector, did not comply with the law, acting in a manner that violated their customers’ rights. 
In the hitherto existing unfair business practices of entrepreneurs, the violations of the data protection provisions that were the most burdensome for customers were related to preventing them from exercising their rights, including the right to control the processing of data, as well as the failure to provide the controller’s business address, which made it impossible for subjects whose data were used in violation of the law or for the inspecting authorities to contact the company, a lack of data security and a failure to follow the procedures required by law, the failure to secure documents containing personal data or their abandonment, a lack of updating customer data, the use of unverified data sets and sending marketing offers to deceased people or incorrect target recipients, and excessive amounts of data requested by controllers. The violations of the rights of data subjects recorded in Poland and other EU Member States—among other arguments—provided inspiration for the preparation of a new legal act in the form of the EU General Data Protection Regulation (GDPR) (which entered into force on 25 May 2018). The extension of the rights of people whose data are processed was combined in the GDPR with the introduction of new legal instruments disciplining data controllers. Instruments in the form of administrative fines and the strongly emphasised possibility to demand compensation for a violation of the right to data protection were directed in particular against economic entities violating the law.


2019
Vol 116
pp. 103-116
Author(s):  
Bogusław Sołtys

THE ROLE OF PROFESSIONS OF PUBLIC TRUST ASSOCIATIONS IN THE SYSTEM OF PERSONAL DATA PROTECTION

The article contemplates the formal and substantive admissibility of the recognition of the professions of public trust associations as the supervisory authorities under the provisions of GDPR, which supervise the compliance with the laws regarding personal data protection. The article states the necessity and proportionality of the suggested solution in order to reconcile the right to the protection of personal data with the duty to maintain professional secrecy. It is in favour of the implementation of this solution into Polish legislation and formulates appropriate remarks to the legislator about the law as it should stand.


2017
Vol 2017 (1)
pp. 35-44
Author(s):  
Dawid Zadura

Abstract: In the review below the author presents a general overview of the selected contemporary legal issues related to the present growth of the aviation industry and the development of aviation technologies. The review is focused on the questions at the intersection of aviation law and personal data protection law. Massive processing of passenger data (Passenger Name Record, PNR) in IT systems is a daily activity for the contemporary aviation industry. Simultaneously, since the mid-1990s we can observe the rapid growth of personal data protection law as a very new branch of the law. The importance of this new branch of the law for the aviation industry is however still questionable and unclear. This article includes the summary of the author’s own research conducted between 2011 and 2017, in particular his audits in LOT Polish Airlines (June 2011-April 2013) and Lublin Airport (July-September 2013) and the author’s analyses of public information shared by International Civil Aviation Organization (ICAO), International Air Transport Association (IATA), Association of European Airlines (AEA), Civil Aviation Authority (ULC) and (GIODO). The purpose of the author’s research was to determine the applicability of the implementation of technical and organizational measures established by personal data protection law in aviation industry entities.


Author(s):  
Agnese Reine-Vītiņa

Nowadays, the right to privacy is indispensable in every democratic society, and the inclusion of this right in the constitution legally guarantees a natural person's freedom of action and, at the same time, the exercise of other human rights established in the fundamental law of the state [5]. The institute of personal data protection was established as the understanding of the content of the right to privacy expanded in the 1970s, when the governments of several European countries initiated information processing projects, such as population censuses. The development of information technology allowed more and more information on persons to be kept and processed electronically. One of the legal problems was the gathering of information on natural persons and respect for the right to privacy. In order to ensure the protection of privacy, individual European countries, on their own initiative, adopted laws on data protection. The first laws on the protection of personal data in Europe were adopted in the Federal Republic of Germany, then in Sweden (1973), Norway (1978) and elsewhere [8, 10]. Not all countries adopted laws on data protection at the same time, so the Council of Europe decided to draw up a convention to unify data protection rules and principles.


Author(s):  
Ioannis Iglezakis

Digital libraries provide many advantages compared with traditional libraries, such as wide and round-the-clock availability of resources, lack of physical boundaries, etc. However, the disclosure of personally identifiable information in the course of processing activities may lead to an invasion of privacy of library users, without their being aware of it. In fact, privacy threats are increased in the digital environment, in which digital libraries operate. The right to privacy in the library is “the right to open inquiry without having the subject of one’s interest examined or scrutinized by others” (ALA, 2005). Users of digital libraries have similar privacy expectations when making use of their services. The issues concerning the privacy of digital libraries’ patrons are thus addressed in comparative perspective in this chapter. More particularly, the legal regulations with regard to data protection in digital libraries in the EU and the US are presented. The comparative analysis of the two legal orders shows differences and similarities, but also highlights loopholes of protection.

