The General Data Protection Regulation in Plain Language

2020 ◽  
Author(s):  
Bart Sloot

The General Data Protection Regulation in Plain Language is a guide for anyone interested in the much-discussed rules of the GDPR. In this legislation, which came into force in 2018, the European Union meticulously describes what you can and cannot do with data about other people. Violating these rules can lead to a fine of up to 20 million euros. This book sets out the most important obligations of individuals and organisations that process data about others. These include taking technical security measures, carrying out an impact assessment and registering all data-processing procedures within an organisation. It also discusses the rights of citizens whose data are processed, such as the right to be forgotten, the right to information and the right to data portability.

Author(s):  
Sophie Kuebler-Wachendorff ◽  
Robert Luzsa ◽  
Johann Kranz ◽  
Stefan Mager ◽  
Emmanuel Syrmoudis ◽  
...  

Abstract: For almost three years, the General Data Protection Regulation (GDPR) has been granting citizens of the European Union the right to obtain personal data from companies and to transfer these data to another company. The so-called Right to Data Portability (RtDP) promises to significantly reduce switching costs for consumers in digital service markets, provided that its potential is effectively translated into reality. Thus, of all the consumer rights in the GDPR, the RtDP has the potential to be the one with the most significant implications for digital markets and privacy. However, our research shows that the RtDP is barely known among consumers and can currently only be implemented in a fragmented manner—especially with regard to the direct transfer of data between online service providers. We discuss several ways to improve the implementation of this right in the present article.


2020 ◽  
pp. 146144482093403
Author(s):  
Sarah Turner ◽  
July Galindo Quintero ◽  
Simon Turner ◽  
Jessica Lis ◽  
Leonie Maria Tanczer

The right to data portability (RtDP), as outlined in the European Union’s General Data Protection Regulation (GDPR), enables data subjects to transmit their data from one service to another. This is of particular interest in the evolving Internet of Things (IoT) environment. This research delivers the first empirical analysis detailing the exercisability of the RtDP in the context of consumer IoT devices and the information provided to users about exercising the right. In Study 1, we reviewed 160 privacy policies of IoT producers to understand the level of information provided to a data subject. In Study 2, we tested four widely available IoT systems to examine whether procedures are in place to enable users to exercise the RtDP. Both studies showcase how the RtDP is not yet exercisable in the IoT environment, risking consumers being unable to unlock the long-term benefits of IoT systems.


2018 ◽  
Author(s):  
Margot Kaminski

Many have called for algorithmic accountability: laws governing decision-making by complex algorithms, or AI. The EU’s General Data Protection Regulation (GDPR) now establishes exactly this. The recent debate over the right to explanation (a right to information about individual decisions made by algorithms) has obscured the significant algorithmic accountability regime established by the GDPR. The GDPR’s provisions on algorithmic accountability, which include a right to explanation, have the potential to be broader, stronger, and deeper than the preceding requirements of the Data Protection Directive. This Essay clarifies, largely for a U.S. audience, what the GDPR actually requires, incorporating recently released authoritative guidelines.


Author(s):  
Miquel Peguera

This chapter discusses data protection aspects of liability of online intermediaries with special emphasis on the right to be forgotten as developed by the Court of Justice of the European Union (CJEU) and later by national courts in Europe. It considers also relevant provisions within the General Data Protection Regulation and how they affect online intermediaries’ activities. This chapter briefly considers two manifestations of the right to be forgotten as they are being currently applied in the EU. First, the right to be forgotten vis-à-vis internet search engines; that is, the right to be delisted from search results. Secondly, the right-to-be-forgotten claims directed against primary publishers to have the information deleted or anonymized at the source. In doing so, this chapter will point to hotly debated issues, recently addressed by the CJEU, such as the geographical scope of the right to be forgotten, that is its possible extraterritorial application, and the prohibition of processing of sensitive data that should theoretically apply to all data controllers, including those online intermediaries that qualify as such. This chapter also considers how balancing of rights should occur when right-to-be-forgotten claims to delist content are brought against search engines or publishers.


Author(s):  
Ciara Staunton

Abstract: The coming into force of the General Data Protection Regulation (GDPR) on 25 May 2018 has brought about considerable changes in how data may be collected, stored and used. Biobanks, which require the collection, use and re-use of large quantities of biological samples and data, will be affected by the proposed changes. In seeking to require ‘data protection by design’, the GDPR provides data subjects with certain individual rights. They are: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object and rights in relation to automated decision making and profiling. This chapter will consider each of these individual rights in turn and discuss the impact on biobank research. In particular, it will discuss the challenges that are now facing biobanks in upholding the individual rights, the limits of these rights in light of the technical realities of biobanks, and the potential impact that they may have on the collection, sharing, use and re-use of biological data and material.


Author(s):  
Lilian Edwards ◽  
Michael Veale

Cite as Lilian Edwards and Michael Veale, 'Slave to the Algorithm? Why a 'right to an explanation' is probably not the remedy you are looking for' (2017) 16 Duke Law and Technology Review 18–84. (First posted on SSRN 24 May 2017) Algorithms, particularly machine learning (ML) algorithms, are increasingly important to individuals’ lives, but have caused a range of concerns revolving mainly around unfairness, discrimination and opacity. Transparency in the form of a “right to an explanation” has emerged as a compellingly attractive remedy since it intuitively promises to “open the black box” to promote challenge, redress, and hopefully heightened accountability. Amidst the general furore over algorithmic bias we describe, any remedy in a storm has looked attractive. However, we argue that a right to an explanation in the EU General Data Protection Regulation (GDPR) is unlikely to present a complete remedy to algorithmic harms, particularly in some of the core “algorithmic war stories” that have shaped recent attitudes in this domain. Firstly, the law is restrictive, unclear, or even paradoxical concerning when any explanation-related right can be triggered. Secondly, even navigating this, the legal conception of explanations as “meaningful information about the logic of processing” may not be provided by the kind of ML “explanations” computer scientists have developed, partially in response. ML explanations are restricted both by the type of explanation sought, the dimensionality of the domain and the type of user seeking an explanation.
However, “subject-centric” explanations (SCEs) focussing on particular regions of a model around a query show promise for interactive exploration, as do explanation systems based on learning a model from outside rather than taking it apart (pedagogical vs decompositional explanations) in dodging developers' worries of IP or trade secrets disclosure. Based on our analysis, we fear that the search for a “right to an explanation” in the GDPR may be at best distracting, and at worst nurture a new kind of “transparency fallacy.” But all is not lost. We argue that other parts of the GDPR related (i) to the right to erasure ("right to be forgotten") and the right to data portability; and (ii) to privacy by design, Data Protection Impact Assessments and certification and privacy seals, may have the seeds we can use to make algorithms more responsible, explicable, and human-centred.


2019 ◽  
Vol 3 (1) ◽  
pp. 95
Author(s):  
Alia Yofira Karunian ◽  
Helka Halme ◽  
Ann-Marie Söderholm

In the age of digitalization, data-driven political campaigning has rapidly shifted into sophisticated data profiling and big data analysis. In Indonesia, the privacy implications of data profiling for political purposes have not been thoroughly studied, much less regulated. This paper aims to conduct a comparative regulatory study between the European Union General Data Protection Regulation (EU GDPR) and Indonesian laws concerning personal data protection in facing the growing practice of data profiling for political purposes. In conclusion, in order to prevent unfair and non-transparent data profiling for political purposes in the upcoming 2019 general election, Indonesia should enact a comprehensive data protection law which provides data subjects with the right to information related to profiling and establishes an independent supervisory authority.


2020 ◽  
Vol 3 (1) ◽  
pp. 17
Author(s):  
Kajcsa Andrea

The changes that have been brought about by the General Data Protection Regulation starting with May 2018 are complex and ambitious. The General Data Protection Regulation is one of the most wide-ranging pieces of legislation passed by the EU in recent years, and it introduces many concepts that are yet to be fully discovered in practice, such as the right to be forgotten, data portability and data breach notification. This paper intends to analyze the main obligations that public bodies, particularly, have after the GDPR has entered into force, and to evaluate the impact this legislative act has on the routine activities carried out by public authorities in Romania. To reach our goal, we will make reference to the obligations that are specific to public administration authorities as well as to those that public bodies are exempted from. We will also analyze the national legislative measures adopted in Romania after GDPR started to be in force, and the degree to which these have particularized the way public bodies are allowed and obliged to process personal data in Romania.


Hypertension ◽  
2021 ◽  
Vol 77 (4) ◽  
pp. 1029-1035
Author(s):  
Antonia Vlahou ◽  
Dara Hallinan ◽  
Rolf Apweiler ◽  
Angel Argiles ◽  
Joachim Beige ◽  
...  

The General Data Protection Regulation (GDPR) became binding law in the European Union Member States in 2018, as a step toward harmonizing personal data protection legislation in the European Union. The Regulation governs almost all types of personal data processing, hence, also, those pertaining to biomedical research. The purpose of this article is to highlight the main practical issues related to data and biological sample sharing that biomedical researchers face regularly, and to specify how these are addressed in the context of GDPR, after consulting with ethics/legal experts. We identify areas in which clarifications of the GDPR are needed, particularly those related to consent requirements by study participants. Amendments should target the following: (1) restricting exceptions based on national laws and increasing harmonization, (2) confirming the concept of broad consent, and (3) defining a roadmap for secondary use of data. These changes will be achieved by acknowledged learned societies in the field taking the lead in preparing a document giving guidance for the optimal interpretation of the GDPR, which will be finalized following a period of commenting by a broad multistakeholder audience. In parallel, promoting engagement and education of the public in the relevant issues (such as different consent types or residual risk for re-identification), on both local/national and international levels, is considered critical for advancement. We hope that this article will open this broad discussion involving all major stakeholders, toward optimizing the GDPR and allowing a harmonized transnational research approach.

