Generalklauseln im Datenschutzrecht

2021 ◽  
Vol 54 (1) ◽  
pp. 1-35
Author(s):  
Nikolaus Marsch ◽  
Timo Rademacher

German data protection laws all provide for provisions that allow public authorities to process personal data whenever this is ‘necessary’ for the respective authority to fulfil its tasks or, in the case of sensitive data in the meaning of art. 9 GDPR, if this is ‘absolutely necessary’. Therewith, in theory, data protection law provides for a high degree of administrative flexibility, e.g. to cope with unforeseen situations like the Coronavirus pandemic. However, these provisions, referred to in German doctrine as ‘Generalklauseln’ (general clauses or ‘catch-all’-provisions in English), are hardly used, as legal orthodoxy assumes that they are too vague to form a sufficiently clear legal basis for public purpose processing under the strict terms of the German fundamental right to informational self-determination (art. 2(1), 1(1) German Basic Law). As this orthodoxy appears to be supported by case law of the German Constitutional Court, legislators have dutifully reacted by creating a plethora of sector specific laws and provisions to enable data processing by public authorities. As a consequence, German administrative data protection law has become highly detailed and confusing, even for legal experts, therewith betraying the very purpose of legal clarity and foreseeability that scholars intended to foster by requiring ever more detailed legal bases. In our paper, we examine the reasons that underlie the German ‘ban’ on using the ‘Generalklauseln’. We conclude that the reasons do not justify the ban in general, but only in specific areas and/or processing situations such as security and criminal law. Finally, we list several arguments that do speak in favour of a more ‘daring’ approach when it comes to using the ‘Generalklauseln’ for public purpose data processing.

Cyber Crime ◽  
2013 ◽  
pp. 300-309
Author(s):  
Anna Tsiftsoglou

The Greek Data Protection Authority (DPA) was asked in July 2009 to review a proposed legislation that was exempting personal data processing via camera installations in public spaces from the scope of the Greek Data Protection Law 2472/1997. Such an exemption was justified, among other reasons, for the protection of public safety and crime prevention. This paper examines the legitimacy of this security measure from two angles: European and Greek Law. Furthermore, our analysis focuses on questions of privacy, the concept of public safety and its application, as well as the DPA’s role in safeguarding citizens’ privacy even in city streets.


2019 ◽  
Vol 20 (1) ◽  
pp. 257-290 ◽  
Author(s):  
Michael Birnhack

Data protection law has a linear logic, in that it purports to trace the lifecycle of personal data from creation to collection, processing, transfer, and ultimately its demise, and to regulate each step so as to promote the data subject’s control thereof. Big data defies this linear logic, in that it decontextualizes data from its original environment and conducts an algorithmic nonlinear mix, match, and mine analysis. Applying data protection law to the processing of big data does not work well, to say the least. This Article examines the case of big medical data. A survey of emerging research practices indicates that studies either ignore data protection law altogether or assume an ex post position, namely that because they are conducted after the data has already been created in the course of providing medical care, and they use de-identified data, they go under the radar of data protection law. These studies focus on the end-point of the lifecycle of big data: if sufficiently anonymous at publication, the previous steps are overlooked, on the claim that they enjoy immunity. I argue that this answer is too crude. To portray data protection law in its best light, we should view it as a process-based attempt to equip data subjects with some power to control personal data about them, in all phases of data processing. Such control reflects the underlying justification of data protection law as an implementation of human dignity. The process-based approach fits current legal practices and is justified by reflecting dignitarian conceptions of informational privacy.


Notaire ◽  
2019 ◽  
Vol 1 (2) ◽  
pp. 267
Author(s):  
Mahendri Putri Sholichah ◽  
Dewi Rumaisa

The growth of technology has made the privacy of personal information an important issue in most countries, including Indonesia. The use of personal data is common in most of our activities in cyberspace, and even the advancement of technology cannot neglect the privacy of personal information. When data records are abused, especially records that belong to the personal data category, the information in them could become public when it is leaked. One case of personal data abuse is the registration of thirty mobile phone SIM cards using one person’s personal information without the consent of the owner of that information. This paper explains personal data cases related to mobile phone SIM card registration, and some issues of personal data abuse from this case are taken as examples to inform legislation on personal data protection. Moreover, this paper also explores the purpose of personal data collection, sensitive data collection, limitation of data collection, storage of collected personal data, transfer of collected personal data, and deletion of collected personal data. This paper makes the case for the urgency of drafting a personal data protection law for a country like Indonesia. It is therefore hoped that this paper will become one of many considerations for the Indonesian government to include a personal data protection law in its national legislation program and to legislate the personal data protection law in recent times.


2020 ◽  
Vol 15 (3) ◽  
pp. 152-175
Author(s):  
Olga Ismagilova ◽  
Karine Khadzhi

Cross-border data flows management and privacy protection are placed high in the international digital agenda due to unprecedented growth in the volume and pace of data collection, processing, storage and transfer globally. Despite the high importance of data flows regulation and its serious influence on all enterprises involved in digital economy, there is little research conducted in Russia and systemizing the national strategies in this sphere of regulation. The article provides an overview of the existing approaches of different countries to data protection, transfer (cross-border included) and storage, analyses the impact of regulation on international trade flows, and develops proposals for possible measures to reduce costs for companies in the digital age. The research discovers that today most countries of the world regulate personal data and other categories of sensitive data flows through the introduction of either a separate law or data protection provisions in the relevant sectoral laws. The countries’ approaches range from a complete ban on the cross-border transfer of all or certain categories of data to foreign countries to complete liberalization in this area. The most common approach is the introduction of one or several restrictions from the set of measures related to cross-border data transfers: data localization requirement; limitations on the number or type of countries to which sensitive data can be transferred without additional requirements; and the requirement of the personal data subject’s consent or responsible public authorities’ permission.


2017 ◽  
Vol 2017 (1) ◽  
pp. 35-44
Author(s):  
Dawid Zadura

In the review below the author presents a general overview of the selected contemporary legal issues related to the present growth of the aviation industry and the development of aviation technologies. The review is focused on the questions at the intersection of aviation law and personal data protection law. Massive processing of passenger data (Passenger Name Record, PNR) in IT systems is a daily activity for the contemporary aviation industry. Simultaneously, since the mid-1990s we can observe the rapid growth of personal data protection law as a very new branch of the law. The importance of this new branch of the law for the aviation industry is however still questionable and unclear. This article includes the summary of the author’s own research conducted between 2011 and 2017, in particular his audits in LOT Polish Airlines (June 2011-April 2013) and Lublin Airport (July - September 2013) and the author’s analyses of public information shared by International Civil Aviation Organization (ICAO), International Air Transport Association (IATA), Association of European Airlines (AEA), Civil Aviation Authority (ULC) and (GIODO). The purpose of the author’s research was to determine the applicability of the implementation of technical and organizational measures established by personal data protection law in aviation industry entities.


Author(s):  
Raphaël Gellert

The main goal of this book is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”, an expression that came to the fore during the overhaul process of the EU’s General Data Protection Regulation (GDPR), even though it can also be found in other statutes under different acceptations. At its core it consists in endowing the regulated organisations that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. It addresses this topic from various perspectives. In framing the risk-based approach as the latest model of a series of regulation models, the book provides an analysis of data protection law from the perspective of regulation theory as well as risk and risk management literatures, and their mutual interlinkages. Further, it provides an overview of the policy developments that led to the adoption of such an approach, which it discusses in the light of regulation theory. It also includes various discussions pertaining to the risk-based approach’s scope and meaning, to the way it has been taken up in statutes including key provisions such as accountability and data protection impact assessments, or to its potential and limitations. Finally, it analyses how the risk-based approach can be implemented in practice by providing technical analyses of various data protection risk management methodologies.


2020 ◽  
Vol 30 (Supplement_5) ◽  
Author(s):  
J Doetsch ◽  
I Lopes ◽  
R Redinha ◽  
H Barros

The usage and exchange of “big data” is at the forefront of the data science agenda where Record Linkage plays a prominent role in biomedical research. In an era of ubiquitous data exchange and big data, Record Linkage is almost inevitable, but raises ethical and legal problems, namely personal data and privacy protection. Record Linkage refers to the general merging of data information to consolidate facts about an individual or an event that are not available in a separate record. This article provides an overview of ethical challenges and research opportunities in linking routine data on health and education with cohort data from very preterm (VPT) infants in Portugal. Portuguese, European and International law has been reviewed on data processing, protection and privacy. A three-stage analysis was carried out: i) interplay of threefold law-levelling for Record Linkage at different levels; ii) impact of data protection and privacy rights for data processing; iii) data linkage process' challenges and opportunities for research. A framework to discuss the process and its implications for data protection and privacy was created. The GDPR functions as the most substantial legal basis for the protection of personal data in Record Linkage, and explicit written consent is considered the appropriate basis for processing sensitive data. In Portugal, retrospective access to routine data is permitted if anonymised; for health data if it meets data processing requirements declared with an explicit consent; for education data if the data processing rules are complied with. Routine health and education data can be linked to cohort data if rights of the data subject and requirements and duties of processors and controllers are respected.
A strong ethical context through the application of the GDPR in all phases of research needs to be established to achieve Record Linkage between cohort and routinely collected records for health and education data of VPT infants in Portugal.

Key messages: GDPR is the most important legal framework for the protection of personal data; however, its uniform approach granting freedom to its Member States hampers Record Linkage processes among EU countries. The question remains whether the gap between data protection and privacy is adequately balanced at three legal levels to guarantee freedom for research and the improvement of health of data subjects.

