Surveillance in Public Spaces as a Means of Protecting Security

Data Protection Law ◽

The Greek Data Protection Authority (DPA) was asked in July 2009 to review a proposed legislation that was exempting personal data processing via camera installations in public spaces from the scope of the Greek Data Protection Law 2472/1997. Such an exemption was justified, among other reasons, for the protection of public safety and crime prevention. This paper examines the legitimacy of this security measure from two angles: European and Greek Law. Furthermore, our analysis focuses on questions of privacy, the concept of public safety and its application, as well as the DPA’s role in safeguarding citizens’ privacy even in city streets.

A Review of Personal Data Protection Law in Indonesia

10.31219/osf.io/tmnwg ◽

2020 ◽

Author(s):

Muhammad Firdaus

Keyword(s):

Data Protection ◽

House Of Representatives ◽

Personal Data ◽

Privacy Rights ◽

Legal Rules ◽

Personal Data Protection ◽

Personal Dignity ◽

Individual Ability ◽

The importance of protecting personal data issue starts strengthened along with the increasing number of telephone user mobile and internet in Indonesia. Several cases were sticking out, especially those that have a connection with the leak of personal data and leads to fraud or crime, strengthen the discourse on the importance of making legal rules to protect personal data. In Indonesia, the protection of personal data is related to the concept of privacy, which is the idea of safeguarding the integrity and personal dignity. Privacy rights are also an individual ability to determine who is holding their information and how the information is used. Currently, Indonesia’s long-awaited comprehensive draft Law on the Protection of Personal Data has been submitted by President Joko Widodo to the Chairperson of the Indonesian House of Representatives on January 24th, 2020. When passed, it will be the first framework legislation on personal data protection in Indonesia. This paper discusses and summarizes the progress of personal data protection based on the law and the regulatory authority in Indonesia. The result shows that there is a lack of explanation of the term data protection authority (DPA) in the final Bill submitted.

US tech majors will face more EU privacy challenges

Emerald Expert Briefings ◽

10.1108/oxan-db199156 ◽

2015 ◽

Keyword(s):

Data Protection ◽

Personal Data ◽

Content Type ◽

User Adaptation ◽

Technology Firms ◽

Full Compliance ◽

Sensitive Issues ◽

Protection Authority ◽

The Eu

Subject Action by European regulators and courts against US technology firms. Significance The Hamburg state data protection authority this month rejected an appeal by Google against the authority's decision requiring changes to Google's handling of users' personal data. This latest action comes as negotiations on new EU data-protection rules have reached a critical stage. These are raising questions about the transatlantic handling of personal data, an increasingly important resource commercially and politically. Impacts Policy differences within the EU will make it hard for the bloc to reach agreement on its proposed new data-protection rules this year. Given that user adaptation to any new EU regime will take at least two years, full compliance will not occur before 2018. Data protection will remain the most sensitive issues in transatlantic tensions over internet governance. Privacy and data-protection campaigners will try to block any transatlantic agreements on these issues, via legislative or judicial means.

Generalklauseln im Datenschutzrecht

Die Verwaltung ◽

10.3790/verw.54.1.1 ◽

2021 ◽

Vol 54 (1) ◽

pp. 1-35

Author(s):

Nikolaus Marsch ◽

Timo Rademacher

Keyword(s):

Data Processing ◽

Data Protection ◽

Personal Data ◽

Constitutional Court ◽

Sensitive Data ◽

Public Authorities ◽

Public Purpose ◽

Basic Law ◽

Data Protection Law ◽

High Degree

German data protection laws all provide for provisions that allow public authorities to process personal data whenever this is ‘necessary’ for the respective authority to fulfil its tasks or, in the case of sensitive data in the meaning of art. 9 GDPR, if this is ‘absolutely necessary’. Therewith, in theory, data protection law provides for a high degree of administrative flexibility, e. g. to cope with unforeseen situations like the Coronavirus pandemic. However, these provisions, referred to in German doctrine as ‘Generalklauseln’ (general clauses or ‘catch-all’-provisions in English), are hardly used, as legal orthodoxy assumes that they are too vague to form a sufficiently clear legal basis for public purpose processing under the strict terms of the German fundamental right to informational self-determination (art. 2‍(1), 1‍(1) German Basic Law). As this orthodoxy appears to be supported by case law of the German Constitutional Court, legislators have dutifully reacted by creating a plethora of sector specific laws and provisions to enable data processing by public authorities. As a consequence, German administrative data protection law has become highly detailed and confusing, even for legal experts, therewith betraying the very purpose of legal clarity and foreseeability that scholars intended to foster by requiring ever more detailed legal bases. In our paper, we examine the reasons that underlie the German ‘ban’ on using the ‘Generalklauseln’. We conclude that the reasons do not justify the ban in general, but only in specific areas and/or processing situations such as security and criminal law. Finally, we list several arguments that do speak in favour of a more ‘daring’ approach when it comes to using the ‘Generalklauseln’ for public purpose data processing.

Facebook Ireland Ltd. / Facebook Inc. v Independent Data Protection Authority of Schleswig-Holstein, Germany--Facebook is not subject to German data protection law

International Data Privacy Law ◽

10.1093/idpl/ipt007 ◽

2013 ◽

Vol 3 (3) ◽

pp. 210-212 ◽

Cited By ~ 2

Author(s):

C. Piltz

Keyword(s):

Data Protection ◽

Independent Data ◽

Data Protection Law ◽

German Data ◽

Brazil’s data protection failings may harm innovation

Emerald Expert Briefings ◽

10.1108/oxan-db243546 ◽

2019 ◽

Keyword(s):

Data Protection ◽

Digital Economy ◽

Content Type ◽

General Data Protection Regulation ◽

Protection Legislation ◽

General Data ◽

Data Protection Law ◽

Set Up ◽

Subject Brazil's new data protection law. Significance Brazil’s General Data Protection Law (LGPD) will come into effect in August 2020. Largely mirroring the EU’s General Data Protection Regulation (GDPR), the new legislation seeks to strengthen citizen privacy while also giving legal certainty to businesses engaging in data transfers. However, unlike EU jurisdictions, Brazil will not set up an autonomous data authority to enforce its legislation. Rather, its new National Data Protection Authority (ANPD) will be directly linked to the presidency and have no budgetary independence. Impacts A reduced talent pool will limit the growth of Brazilian firms in the digital economy. Shortages of relevant talent will affect companies’ ability to innovate. The shortcomings of Brazil’s data protection legislation could add a serious hurdle to the development of its digital economy.

A Process-based Approach to Informational Privacy and the Case of Big Medical Data

Theoretical Inquiries in Law ◽

10.1515/til-2019-0009 ◽

2019 ◽

Vol 20 (1) ◽

pp. 257-290 ◽

Cited By ~ 1

Author(s):

Michael Birnhack

Keyword(s):

Big Data ◽

Data Processing ◽

Human Dignity ◽

Data Protection ◽

Linear Logic ◽

Personal Data ◽

Medical Data ◽

Informational Privacy ◽

Ex Post ◽

Data Protection Law

Abstract Data protection law has a linear logic, in that it purports to trace the lifecycle of personal data from creation to collection, processing, transfer, and ultimately its demise, and to regulate each step so as to promote the data subject’s control thereof. Big data defies this linear logic, in that it decontextualizes data from its original environment and conducts an algorithmic nonlinear mix, match, and mine analysis. Applying data protection law to the processing of big data does not work well, to say the least. This Article examines the case of big medical data. A survey of emerging research practices indicates that studies either ignore data protection law altogether or assume an ex post position, namely that because they are conducted after the data has already been created in the course of providing medical care, and they use de-identified data, they go under the radar of data protection law. These studies focus on the end-point of the lifecycle of big data: if sufficiently anonymous at publication, the previous steps are overlooked, on the claim that they enjoy immunity. I argue that this answer is too crude. To portray data protection law in its best light, we should view it as a process-based attempt to equip data subjects with some power to control personal data about them, in all phases of data processing. Such control reflects the underlying justification of data protection law as an implementation of human dignity. The process-based approach fits current legal practices and is justified by reflecting dignitarian conceptions of informational privacy.

A Study on Direction of Legislation Improvement of Data Protection Law of Korea by comparing to GDPR and 2018 BDSG - Focusing on conditions of general personal data and special categories of personal data processing, processing and exclusion area, transfer personal data to a third country-

LAW RESEARCH INSTITUTE CHUNGBUK NATIONAL UNIVERSITY ◽

10.34267/cblj.2018.29.2.465 ◽

2018 ◽

Vol 29 (2) ◽

pp. 465-499

Author(s):

Gyeo Cheol Lim

Keyword(s):

Data Processing ◽

Data Protection ◽

Personal Data ◽

Data Protection Law

Before and after enforcement of GDPR

Biochemia Medica ◽

10.11613/bm.2020.030201 ◽

2020 ◽

Vol 30 (3) ◽

pp. 363-370

Author(s):

Livia Puljak ◽

Anamarija Mladinić ◽

Ron Iphofen ◽

Zvonimir Koporc

Keyword(s):

Data Protection ◽

Academic Research ◽

Personal Data ◽

Research Institutions ◽

General Data Protection Regulation ◽

Personal Data Protection ◽

Before And After ◽

General Data ◽

Introduction The European Union’s (EU) General Data Protection Regulation (GDPR) was put in force on 25th May 2018. It is not known how many personal data protection requests the national authority in Croatia had received before and after GDPR, and how many of those were related to research. Materials and methods We obtained data from the Croatian Personal Data Protection Agency (CPDPA) about requests/complaints related to personal data protection that were received specifically from academic/research institutions, specifically the number and type of all cases/requests between the years 2015-2019. Results In 2018, CPDPA had a dramatic increase in the number of requests in the post-GDPR period, compared to the pre-GDPR period of the same year. In 2019, CPDPA received 2718 requests/complaints; less than in the year 2018. From 2015 to 2019, CPDPA received only 37 requests related to research. Conclusions Very few requests about personal data protection from academic and research institutions in Croatia were submitted to the national Croatian data protection authority. Future studies could explore whether researchers have sufficient awareness and knowledge about personal data protection related to research, to adequately implement the GDPR regulations.

Importance of Personal Data Protection Law for Commercial Air Transport

Transactions on Aerospace Research ◽

10.2478/tar-2017-0004 ◽

2017 ◽

Vol 2017 (1) ◽

pp. 35-44

Author(s):

Dawid Zadura

Keyword(s):

Data Protection ◽

Public Information ◽

Personal Data ◽

Air Transport ◽

Civil Aviation ◽

Aviation Industry ◽

Personal Data Protection ◽

It Systems ◽

Data Protection Law ◽

The Law

Abstract In the review below the author presents a general overview of the selected contemporary legal issues related to the present growth of the aviation industry and the development of aviation technologies. The review is focused on the questions at the intersection of aviation law and personal data protection law. Massive processing of passenger data (Passenger Name Record, PNR) in IT systems is a daily activity for the contemporary aviation industry. Simultaneously, since the mid- 1990s we can observe the rapid growth of personal data protection law as a very new branch of the law. The importance of this new branch of the law for the aviation industry is however still questionable and unclear. This article includes the summary of the author’s own research conducted between 2011 and 2017, in particular his audits in LOT Polish Airlines (June 2011-April 2013) and Lublin Airport (July - September 2013) and the author’s analyses of public information shared by International Civil Aviation Organization (ICAO), International Air Transport Association (IATA), Association of European Airlines (AEA), Civil Aviation Authority (ULC) and (GIODO). The purpose of the author’s research was to determine the applicability of the implementation of technical and organizational measures established by personal data protection law in aviation industry entities.