scholarly journals Personal Data Protection and Access to Archives in Ukraine: From the National and International Perspective

Atlanti ◽  
2018 ◽  
Vol 28 (2) ◽  
pp. 61-70
Author(s):  
Maryna Paliienko
Keyword(s):  
Data Protection ◽  
Personal Information ◽  
Public Information ◽  
Personal Data ◽  
International Perspective ◽  
Economic Life ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Right

The article is devoted to the analysis of the General Data Protection Regulation, which came into force on May 25, 2018, on the territory of the member states of the European Union, in comparison with the legislation on personal data that operates in Ukraine. The following basic concepts such as “personal data”, “personal data bases”, “information protection”, “the right to access to information”, “the right to erasure” are considered. Special attention is paid to the activities of archives in collecting, processing, storing and providing access to documents that contain personal information. It is analyzed the Laws of Ukraine “On Information”, “On Protection of Personal Data”, “On Access to Public Information”, “On the National Archival Fond and Archival Institutions”. It has been pointed out that the GDPR has very important value for European socio-political and economic life, for working out data protection standards and a new international privacy protection framework.

AN UPDATE ON THE RIGHT TO BE FORGOTTEN AS A PRINCIPLE OF PERSONAL DATA PROTECTION IN EUROPEAN UNION

2021 ◽  
pp. 99-109
Author(s):  
MARIJANA MLADENOV ◽  
JELENA STOJŠIĆ DABETIĆ
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
Right To Privacy ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Right To Privacy ◽  
Right To Be Forgotten ◽  
The Right

Should we consider the right to be forgotten as a threat to free speech or the mechanism of the right to privacy? This most controversial element of the right to privacy and personal data protection caused the global debate on privacy and freedom of speech. Despite the fact that the right to be forgotten is codified in Article 17 of the General Data Protection Regulation and that fundamental postulates of this right were defined in Google v. Spain, there still remain unresolved issues. In order to gain a clear idea of the content of the right to be forgotten, as the principle of data protection in accordance with the latest European perspective, the subject matter of the paper refers to analyses of the developments of this right in the light of relevant regulations, as well as of the jurisprudence of the Court of Justice of the European Union (CJEU). The article firstly provides an overview of the concept of the right to be forgotten, from the very early proposals that gave rise to it, to the latest ones contained in recent regulations. Furthermore, the special attention is devoted to the new standards of the concept of the right to be forgotten from the aspect of recent rulings of the CJEU, GC et al v. CNIL and CNIL v. Google. Within the concluding remarks, the authors highlight the need for theoretical innovation and an adequate legal framework of the right to be forgotten in order to fit this right within the sociotechnical legal culture. The goal of the article is to provide insight regarding the implementation of the right to be forgotten in the European Union and to identify the main challenges with respect to the issue.

scholarly journals Data Profiling and Elections: Has Data-Driven Political Campaign Gone Too Far?

2019 ◽  
Vol 3 (1) ◽  
pp. 95
Author(s):  
Alia Yofira Karunian ◽  
Helka Halme ◽  
Ann-Marie Söderholm
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Data Driven ◽  
The European Union ◽  
Political Campaign ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Data Profiling ◽  
Right To Information ◽  
The Right

In the age of digitalization, data-driven political campaign has rapidly shifted into sophisticated data profiling and big data analysis. In Indonesia, the privacy implications of data profiling for political purposes have not been thoroughly studied, much less regulated. This paper aims to conduct a comparative regulatory study between the European Union General Data Protection Regulation (EU GDPR) and Indonesian laws concerning personal data protection in facing the growing practice of data profiling for political purposes. In conclusion, in order to prevent unfair and non-transparent data profiling for political purposes in the upcoming 2019 general election, Indonesia should enact a comprehensive data protection law which provides data subjects with the right to information related to profiling and establishing independent supervisory authority.      

scholarly journals Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations

2021 ◽  
Vol 13 (3) ◽  
pp. 66
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Gap Analysis ◽  
Health Care Organization ◽  
Personal Data ◽  
Care Organization ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Level

The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.

scholarly journals Data Sharing Under the General Data Protection Regulation

Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Research Approach ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Protection Legislation ◽  
General Data ◽  
Almost All

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

scholarly journals GDPR implementation as the main reason for the regional fragmentation in the online mediasphere

2021 ◽  
Vol 273 ◽  
pp. 08099
Author(s):  
Mikhail Smolenskiy ◽  
Nikolay Levshin
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Main Role ◽  
The European Union ◽  
Protection Measures ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Usa ◽  
General Data

The EU’s General Data Protection Regulation (GDPR) applies not only to the territory of the European Union, but also to all information systems containing data of EU’s citizens around the world. Misusing or carelessly handling personal data bring fines of up to 20 million euros or 4% of the annual turnover of the offending company. This article analyzes the main trends in the global implementation of the GDPR. Authors considered and analyzed results of personal data protection measures in nineteen regions: The USA, Canada, China, France, Germany, India, Kazakhstan, Nigeria, Russia, South Korea and Thailand, as well as the European Union and a handful of other. This allowed identifying a direct pattern between the global tightening of EU’s citizens personal data protection and the fragmentation of the global mediasphere into separate national segments. As a result of the study, the authors conclude that GDPR has finally slowed down the globalization of the online mediasphere, playing a main role in its regional fragmentation.

scholarly journals Credit-Based Insurance Scores: some Observations in the Light of the European General Data Protection Regulation

2020 ◽  
pp. 155-186
Author(s):  
María Dolores Mas Badia
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Insurance Companies ◽  
The European Union ◽  
History Data ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Credit History ◽  
Automated Processing ◽  
General Data

Despite the differences between credit risk and insurance risk, in many countries large insurance companies include credit history amongst the information to be taken into account when assigning consumers to risk pools and deciding whether or not to offer them an auto or homeowner insurance policy, or to determine the premium that they should pay. In this study, I will try to establish some conclusions concerning the requirements and limits that the use of credit history data by insurers in the European Union should be subject to. In order to do this, I shall focus my attention primarily on Regulation (EU) 2016/679. This regulation, that came into force on 24 May 2018, not only forms the backbone of personal data protection in the EU, but is also set to become a model for regulation beyond the borders of the Union. This article will concentrate on two main aspects: the lawful basis for the processing of credit history data by insurers, and the rules that should apply to decisions based solely on automated processing, including profiling.Received: 30 December 2019Accepted: 07 February 2020Published online: 02 April 2020

scholarly journals Uchybienie przepisom o ochronie danych osobowych jako naruszenie dobra osobistego – analiza na przykładzie orzecznictwa Sądu Najwyższego

2019 ◽  
pp. 245-259
Author(s):  
Bernard Łukanko
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Right To Privacy ◽  
Professional Literature ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Right To Privacy ◽  
General Data ◽  
The Right ◽  
Personal Interests

The study is concerned with the issue of mutual relationship between the failure to comply with the laws on personal data protection and regulations relating to the protection of personal interests, including in particular the right to privacy. The article presents the views held by the Supreme Court with respect to the possibility of considering acts infringing upon the provisions of the Personal Data Protection Act of 1997 (after 24 May 2018) and of the General Data Protection Regulation (after 25 May 2018) as violation of personal interests, such as the right to privacy. The author shared the view of the case law stating that, if in specifc circumstances the processing of personal data violates the right to privacy, the party concerned may seek remedy on the grounds of Articles 23 and 24 of the Polish Civil Code. This position isalso relevant after the entry into force of the GDPR which, in a comprehensive and exhaustive manner, directly applicable in all Member States, regulates the issue of liability under civil law for infringements of the provisions of the Regulation, however, according to the position expressed in professional literature, it does not exclude the concurrence of claims and violation of the provisions on the protection of personal interests caused by a specifc event. In case of improper processing of personal data, the remedies available under domestic law on the protection of personal interests may be of particular importance outside the subject matter scope of the GDPR applicability. 

scholarly journals OpenEHR and General Data Protection Regulation: Evaluation of Principles and Requirements (Preprint)

2018 ◽  
Author(s):  
Duarte Gonçalves-Ferreira ◽  
Mariana Sousa ◽  
Gustavo M Bacelar-Silva ◽  
Samuel Frade ◽  
Luís Filipe Antunes ◽  
...  
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Design Principles ◽  
Security And Privacy ◽  
The European Union ◽  
Health Records ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
General Data ◽  
The Common

BACKGROUND Concerns about privacy and personal data protection resulted in reforms of the existing legislation in the European Union (EU). The General Data Protection Regulation (GDPR) aims to reform the existing directive on the topic of personal data protection of EU citizens with a strong emphasis on more control of the citizens over their data and in the establishment of rules for the processing of personal data. OpenEHR is a standard that embodies many principles of interoperable and secure software for electronic health records (EHRs) and has been advocated as the best approach for the development of hospital information systems. OBJECTIVE This study aimed to understand to what extent the openEHR standard can help in the compliance of EHR systems to the GDPR requirements. METHODS A list of requirements for an EHR to support GDPR compliance and also a list of the openEHR design principles were made. The requirements were categorized and compared with the principles by experts on openEHR and GDPR. RESULTS A total of 50 GDPR requirements and 8 openEHR design principles were identified. The openEHR principles conformed to 30% (15/50) of GDPR requirements. All the openEHR principles were aligned with GDPR requirements. CONCLUSIONS This study showed that the openEHR principles conform well to GDPR, underlining the common wisdom that truly realizing security and privacy requires it to be built in from the start. By using an openEHR-based EHR, the institutions are closer to becoming compliant with GDPR while safeguarding the medical data.

scholarly journals Social credit mechanisms and modern standards of legal protection of personal data: correspondence problems

2021 ◽  
pp. 174-189
Author(s):  
Roman Z. Rouvinsky
Keyword(s):  
Public Administration ◽  
Data Protection ◽  
Management Practices ◽  
Personal Information ◽  
Personal Data ◽  
Legal Protection ◽  
The European Union ◽  
Credit System ◽  
General Data Protection Regulation ◽  
Social Credit

The subject of this article is the problem of correspondence of the practices of digital profiling and social score, which imply collection and analysis of biographical (reputational) information, to the worldwide-accepted standards of protection of personal data and privacy. Analysis is conducted on the legislation of the People's Republic of China – the country that in recent years has implemented the “Social Credit System” in the sphere of public administration. This project consists of management practices, which are viewed through the prism of the legal model of personal data protection formed by the Law in Protection of Personal Information adopted in 2021. The peculiarity of this research is its comparative legal nature: the provisions of China’s legislation are juxtaposed to the provisions of the General Data Protection Regulation adopted in the European Union and Russia’s Federal Law “On Personal Data”. Assessment is given to the European and Russian models of regulation of operations with personal data in the context of possible implementation of digital profiling practices, social score (ranking, grading), and automated law enforcement decision-making. Having determined the gaps in the current Russian and EU legislation on personal data, and indicating the risk caused by the presence of blanket rules, the conclusion is made according to which the modern legislation on personal data can be an obstacle for arbitrary use of such data; however, it cannot stop the implementation of innovative technologies, mechanisms and practices that suggest using registry and biographical information of individuals for the purpose of social control into the public administration.

scholarly journals Gender Transition: Is There a Right to Be Forgotten?

2021 ◽  
Author(s):  
Mónica Correia ◽  
Guilhermina Rêgo ◽  
Rui Nunes
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Health Data ◽  
Information Control ◽  
The European Union ◽  
Gender Transition ◽  
General Data Protection Regulation ◽  
Right To Be Forgotten ◽  
And Gender ◽  
The Right

AbstractThe European Union (EU) faced high risks from personal data proliferation to individuals’ privacy. Legislation has emerged that seeks to articulate all interests at stake, balancing the need for data flow from EU countries with protecting personal data: the General Data Protection Regulation. One of the mechanisms established by this new law to strengthen the individual’s control over their data is the so-called “right to be forgotten”, the right to obtain from the controller the erasure of records. In gender transition, this right represents a powerful form of control over personal data, especially health data that may reveal a gender with which they do not identify and reject. Therefore, it is pertinent to discern whether the right to have personal data deleted—in particular, health data—is ethically acceptable in gender transition. Towards addressing the ethical dimensions of the right to be forgotten in this case, this study presents relevant concepts, briefly outlines history, ethics and law of records considering the evolution from paper to electronic format, the main aspects of identity construction and gender identity, and explores the relationship between privacy, data protection/information control and identity projection. Also, it discusses in gender transition the relation between “the right to self-determination”, “the right to delete”, and “the right to identity and individuality”. Conclusions on the ethical admissibility of the ‘right to be forgotten’ to control gender-affirming information are presented.

Sign in / Sign up

Export Citation Format

Share Document