International Transfers of Personal Data

2011 ◽  
pp. 292-315
Author(s):  
Sam De Silva
Keyword(s):  
Data Protection ◽  
Explicit Knowledge ◽  
Personal Information ◽  
Personal Data ◽  
Legal Compliance ◽  
Global Nature ◽  
The Individual ◽  
The Uk ◽  
Data Controller ◽  
International Transfers

Developments in technology and the global nature of business means that personal information about individuals in the UK may often be processed overseas, frequently without the explicit knowledge or consent of those individuals. This raises issues such as the security of such data, who may have access to it and for what purposes and what rights the individual may have to object. The Data Protection Act 1998 provides a standard of protection for personal data, including in respect of personal data that is being transferred outside of the UK. Chapter 18 focus on how a UK data controller (the organisation that controls how and why personal data is processed and is therefore legally responsible for compliance) can fulfil its business and operational requirements in transferring personal data outside the EEA, whilst ensuring legal compliance.

Data protection in the United Kingdom: Part 1

1983 ◽  
Vol 7 (1) ◽  
pp. 15-22 ◽  
Author(s):  
Anne Crook
Keyword(s):  
United Kingdom ◽  
Computer Security ◽  
Data Protection ◽  
Data Privacy ◽  
Personal Information ◽  
The United Kingdom ◽  
Privacy Problem ◽  
The Individual ◽  
The Uk ◽  
The Impact

The United Kingdom Government is about to enact legisla tion for data protection. It is intended that this will safeguard the pnvacy of the individual which is seen to be threatened by the increasing use and capabilities of computerised personal information systems. There are also fears that the British computer and data processing industries will be at a disad vantage when competing in the international market without legislation equivalent to that already operating in other coun tries. The legislation will enable the UK to ratify the Council of Europe Data Protection Convention and to comply with the OECD Guidelines on Transborder Data Flow. Data protection is a valuable example of the interaction of information technology and society. This paper presents an overview of the issues involved. It examines what is meant by data privacy and how that privacy may be infringed by the use of both computerised and manual record systems. The impact of technology on the privacy problem is descnbed, including linkage of computer systems and the contribution of computer security. The need for legislation is discussed, both within the context of the international situation and of the early attempts at domestic legislation.

What Hope for Freedom of Information in the UK?

2006 ◽  
Author(s):  
Andrew McDonald
Keyword(s):  
United Kingdom ◽  
Data Protection ◽  
Personal Information ◽  
Integrated Approach ◽  
Open Government ◽  
Freedom Of Information ◽  
The United Kingdom ◽  
The Family ◽  
The Individual ◽  
The Uk

This chapter assesses freedom of information (FOI) in the United Kingdom. It discusses the terminology associated with FOI, namely, transparency and openness. FOI refers to access to non-personal information; the regulation of personal information is typically governed by privacy or data-protection laws. Some jurisdictions take an integrated approach to both categories of information, but this chapter focuses on information that does not relate primarily to the individual. The family of information statutes – encompassing FOI, privacy, official secrecy and the like – are known collectively as Access to Information laws. Finally, open government is a term close to openness, since both are concerned with systems and delivery.

scholarly journals A LEI GERAL DE PROTEÇÃO DE DADOS COMO INSTRUMENTO DE CONCRETIZAÇÃO DA AUTONOMIA PRIVADA EM UM MUNDO CADA VEZ MAIS TECNOLÓGICO

2019 ◽  
Vol 3 (56) ◽  
pp. 354
Author(s):  
Lucas Gonçalves SILVA ◽  
Bricio Luis da Anunciação MELO
Keyword(s):  
Literature Review ◽  
Data Protection ◽  
Personal Information ◽  
Human Person ◽  
Personal Data ◽  
Self Determination ◽  
General Law ◽  
Private Autonomy ◽  
The Individual ◽  
Technological World

RESUMONo mundo tecnológico, informações pessoais encontram-se dispersas em diversos bancos de dados. A privacidade passou a ser concebida como direito fundamental à autodeterminação informativa, deferindo-se ao indivíduo o controle de seus dados pessoais. Os bancos de dados vulneram a dignidade dos indivíduos, uma vez que há a sua completa exposição e é possível criar um perfil com base em informações que antes permaneciam dispersas. Com base na autonomia privada, a Lei Geral de Proteção de Dados passou a condicionar à anuência do titular a utilização de dados pessoais. Far-se-á uso da técnica de revisão de literatura sobre proteção de dados.PALAVRAS-CHAVE: Autonomia privada; Autodeterminação informativa; Privacidade; Bancos de Dados; Dignidade da pessoa humana.ABSTRACTIn the technological world, personal information is scattered across multiple databases. Privacy was conceived as a fundamental right to informational self-determination, allowing the individual to control their personal data. Databases violate the dignity of individuals, since there is complete exposure and it is possible to create a profile based on information that previously remained scattered. Based on the private autonomy, the General Law of Data Protection became conditioned to the consent of the holder the use of personal data.The literature review technique on data protection will be used.KEYWORDS: Private autonomy; Informative self-determination; Privacy; Databases; Dignity of human person.

scholarly journals Factorial invariance of an information security culture assessment instrument for multinational organisations with operations across data protection jurisdictions

2015 ◽  
Vol 4 (4) ◽  
pp. 47-58 ◽  
Author(s):  
Nico Martins ◽  
Adéle da Veiga
Keyword(s):  
Information Security ◽  
Data Protection ◽  
Personal Information ◽  
Theoretical Perspective ◽  
Factorial Invariance ◽  
Assessment Instrument ◽  
Security And Privacy ◽  
Security Culture ◽  
The Uk ◽  
Information Security Culture

An information security culture is influenced by various factors, one being regulatory requirements. The United Kingdom (UK) has been regulated through the UK Data Protection Act since 1995, whereas South Africa (SA) only promulgated the Protection of Personal Information Act (PoPI) in 2013. Both laws stipulate requirements from an information security perspective with regard to the processing of personal information, however in the UK this has been regulated for a longer period. Consequently, it is to be expected that the information security culture for organisations in the UK will be significantly different from that of SA. This raises the question as to whether the same information security culture assessment (ISCA) instrument could be used in an organisation with offices in both jurisdictions, and whether it might be necessary to customise it according the particular country’s enforcement of information security and privacy-related conditions. This is reviewed, firstly from a theoretical perspective, and secondly a factorial invariance analysis was conducted in a multinational organisation with offices in both the UK and SA, using data from an ISCA questionnaire, to determine possible factorial invariances in terms of the ISCA.

The Right to Privacy and the Protection of Personal Data in a Digital Era and the Age of Information

2012 ◽  
pp. 34-45
Author(s):  
William Bülow ◽  
Misse Wester
Keyword(s):  
Empirical Evidence ◽  
Personal Information ◽  
Personal Data ◽  
Modern Society ◽  
Right To Privacy ◽  
Policy Makers ◽  
The Right To Privacy ◽  
Digital Era ◽  
The Individual ◽  
The Right

As information technology is becoming an integral part of modern society, there is a growing concern that too much data containing personal information is stored by different actors in society and that this could potentially be harmful for the individual. The aim of this contribution is to show how the extended use of ICT can affect the individual’s right to privacy and how the public perceives risks to privacy. Three points are raised in this chapter: first, if privacy is important from a philosophical perspective, how is this demonstrated by empirical evidence? Do individuals trust the different actors that control their personal information, and is there a consensus that privacy can and should be compromised in order to reach another value? Second, if compromises in privacy are warranted by increased safety, is this increased security supported by empirical evidence? Third, the authors will argue that privacy can indeed be a means to increase the safety of citizens and that the moral burden of ensuring and protecting privacy is a matter for policy makers, not individuals. In conclusion, the authors suggest that more nuanced discussion on the concepts of privacy and safety should be acknowledged and the importance of privacy must be seen as an important objective in the development and structure of ICT uses.

The Impact of Data Protection Regulations on Start-Up Enterprises

2021 ◽  
pp. 120-133
Author(s):  
Cumhur Boyacioglu ◽  
Orkun Yıldız
Keyword(s):  
Data Protection ◽  
Personal Information ◽  
Personal Data ◽  
Legal Protection ◽  
Extended Period ◽  
Legal Form ◽  
Legal Traditions ◽  
Legal Problems ◽  
Start Up ◽  
The One

Information is vital for enterprises. However, the usage of information uniquely personal data leads to various legal problems. On the one side, enterprises require free and unlimited usage of personal data as much as possible for their continuity and progression. On the other side, natural and legal persons seek legal protection regarding their personal information or market position. It is challenging to find a fair and reasonable balance that can last for an extended period in such a dynamic field. This article evaluates the general tendencies concerning data usage, sharing, and protection problems considering Start-Up enterprises' situation aside from their legal form. The problems mainly arise in the fields of data protection and unfair competition. Some of the legal problems are also related to intellectual property. Instead of trying to find general and local solutions, it seems more useful to seek and find solutions that shall take the interests of various enterprises and companies from diverse sectors and legal traditions employing good practices. Of course, it is not very easy to reach solutions that will be accepted by all the related parties. The legal solutions should not constraint Start-Up enterprises' innovative progress, as well as meeting related parties' protection and fair trade expectations. Otherwise, privacy violations and abuse of competition will be inevitable.

Internet Privacy from the Individual and Business Perspectives

2008 ◽  
pp. 1360-1365
Author(s):  
Tziporah Stern
Keyword(s):  
Personal Information ◽  
Personal Data ◽  
The Internet ◽  
Right To Privacy ◽  
Internet Privacy ◽  
Data Files ◽  
Community Networking ◽  
The Individual

People have always been concerned about protecting personal information and their right to privacy. It is an age-old concern that is not unique to the Internet. People are concerned with protecting their privacy in various environments, including healthcare, the workplace and e-commerce. However, advances in technology, the Internet, and community networking are bringing this issue to the forefront. With computerized personal data files: a. retrieval of specific records is more rapid; b. personal information can be integrated into a number of different data files; and c. copying, transporting, collecting, storing, and processing large amounts of information are easier.

RFID Technology and its Impact on Privacy

2009 ◽  
pp. 89-107 ◽  
Author(s):  
Tatiana-Eleni Sinodinou
Keyword(s):  
Data Processing ◽  
Personal Information ◽  
Personal Data ◽  
Legal Framework ◽  
Special Focus ◽  
Information Transparency ◽  
Rfid Tag ◽  
Rfid System ◽  
The Individual ◽  
The Right

The present chapter explores privacy issues posed by the use of RFID systems and applications. The existing legal framework for data protection is analyzed in order to discover how general privacy safeguarding principles should be applied in the case of RFIDs, with special focus on the main areas which are going to experience widespread use of such applications. The structure of the chapter is based on a chronological order which follows the consecutive phases of contact and interaction between the individual and the RFID tag. The implementation of a tag to a product or in the human body establishes the first point of contact of the individual with the RFID tag. This stage of data processing is examined in the first part of the chapter. In more particular, this part deals with the application of general principles of fair processing, such as information transparency, the debate about the necessity to require the prior consent of the individual (possible opt-in and opt-out solutions) and the precondition of a clearly defined purpose of the data processing. The symbiosis of the person with the tag is examined in the second part. Indeed, privacy concerns are equally significant during the phase of processing of personal information, even if processing is conducted lawfully, either based on the legal ground of the individual’s consent or justified on another legal basis. The requirement of data quality and the obligation to secure the RFID system against unauthorized interceptions or alterations of data by third parties constitute essential guarantees of fair data processing. Privacy protection in the activation phase of the tag is also ensured by the obligation to inform the tagged individual every time a reading takes place and by the right to verify the accuracy of the tag data, whether stored from the beginning or added at a later date. Finally, the last part of the chapter examines the legal regime of separation between the person and the tag. This phase refers to the termination of the processing either by act of the data subject or by act of the RFID system controller. The focus is given to the exercise of the right to object to the processing of personal data through RFID devices. In this context practical solutions, such as the “tag kill” or “tag sleep” command should be taken into consideration in order to the make the exercise of the right to object feasible.

Delimiting the concept of personal data after the GDPR

Legal Studies ◽  
2019 ◽  
Vol 39 (3) ◽  
pp. 517-532
Author(s):  
Benjamin Wong
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Direct Application ◽  
The Uk ◽  
The Eu

AbstractThis paper explains how the concept of personal data should be delimited. Certainty on this matter is crucial, as it determines the material scope of the data protection obligations. The primary boundary delimiting the scope of personal data is the requirement that personal data ‘relate to’ an individual. The courts of the UK and the EU have sought to delineate this boundary, but there are serious difficulties in the present approaches that have emerged thus far. Two possible ways forward are suggested, taking into account the implications of the direct application of the GDPR in the UK.

Sign in / Sign up

Export Citation Format

Share Document