GEOGRAPHIC DATA AS PERSONAL DATA IN FOUR EU MEMBER STATES

The EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data aims at harmonising data protection legislation in the European Union. This should promote the free flow of products and services within the EU. This research found a wide variety of interpretations of the application of data protection legislation to geographic data. The variety was found among the different EU Member States, the different stakeholders and the different types of geographic data. In the Netherlands, the Data Protection Authority (DPA) states that panoramic images of streets are considered personal data. While Dutch case law judges that the data protection legislation does not apply if certain features are blurred and no link to an address is provided. The topographic datasets studied in the case studies do not contain personal data, according to the Dutch DPA, while the German DPA and the Belgian DPA judge that topographic maps of a large scale can contain personal data, and impose conditions on the processing of topographic maps. The UK DPA does consider this data outside of the scope of legal definition of personal data. The patchwork of differences in data protection legislation can be harmonised by using a traffic light model. This model focuses on the context in which the processing of the data takes place and has four categories of data: (1) sensitive personal data, (2) personal data, (3), data that can possibly lead to identification, and (4) non-personal data. For some geographic data, for example factual data that does not reveal sensitive information about a person, can be categorised in the third category giving room to opening up data under the INSPIRE Directive.

Download Full-text

GEOGRAPHIC DATA AS PERSONAL DATA IN FOUR EU MEMBER STATES

ISPRS Annals of Photogrammetry Remote Sensing and Spatial Information Sciences ◽

10.5194/isprsannals-iii-2-151-2016 ◽

2016 ◽

Vol III-2 ◽

pp. 151-157

Author(s):

A. J. de Jong ◽

B. van Loenen ◽

J. A. Zevenbergen

Keyword(s):

Data Protection ◽

Large Scale ◽

Personal Data ◽

Topographic Maps ◽

Member States ◽

Eu Member States ◽

Eu Directive ◽

Geographic Data ◽

Protection Legislation ◽

The Eu

Download Full-text

The protection of customer personal data as an element of entrepreneurs’ ethical conduct

Annales Etyka w życiu gospodarczym ◽

10.18778/1899-2226.21.7.02 ◽

2018 ◽

Vol 21 (7) ◽

pp. 27-44

Author(s):

Ewa Kulesza

Keyword(s):

Data Protection ◽

Personal Data ◽

Business Practices ◽

Process Data ◽

Member States ◽

Eu Member States ◽

Eu Directive ◽

The Law ◽

The Right ◽

The Eu

The right to the protection of personal data, which is part of the right to privacy, is a fundamental human right. Thus, its guarantees were included in the high-level regulations of the European Union as well as the legal norms of the EU Member States. The first Polish law regulating the protection of personal data was adopted in 1997 as the implementation of EU Directive 95/46. The law imposed a number of obligations on public and private entities which process personal data in order to protect the rights of data subjects and, in particular, to guarantee them the ability to control the correctness of processing of their personal data. Therefore, the law obliged data controllers to process data only on the basis of the premises indicated in the legislation, to adequately secure data, and to comply with the disclosure obligation concerning data subjects, including their right to correct false or outdated data or to request removal of data processed in violation of the law. However, as complaints directed by citizens to the supervisory body—the Inspector General for Personal Data Protection—showed, personal data controllers, especially those operating in the private sector, did not comply with the law, acting in a manner that violated their customers’ rights. In the hitherto existing unfair business practices of entrepreneurs, the violations of the data protection provisions that were the most burdensome for customers were related to preventing them from exercising their rights, including the right to control the processing of data, as well as the failure to provide the controller’s business address, which made it impossible for subjects whose data were used in violation of the law or for the inspecting authorities to contact the company, a lack of data security and a failure to follow the procedures required by law, the failure to secure documents containing personal data or their abandonment, a lack of updating customer data, the use of unverified data sets and sending marketing offers to deceased people or incorrect target recipients, and excessive amounts of data requested by controllers. The violations of the rights of data subjects recorded in Poland and other EU Member States—among other arguments—provided inspiration for the preparation of a new legal act in the form of the EU General Data Protection Regulation (GDPR) (which entered into force on 25 May 2018). The extension of the rights of people whose data are processed was combined in the GDPR with the introduction of new legal instruments disciplining data controllers. Instruments in the form of administrative fines and the strongly emphasised possibility to demand compensation for a violation of the right to data protection were directed in particular against economic entities violating the law.

Download Full-text

Article 50 International cooperation for the protection of personal data

The EU General Data Protection Regulation (GDPR) ◽

10.1093/oso/9780198826491.003.0090 ◽

2020 ◽

Author(s):

Christopher Kuner

Keyword(s):

International Cooperation ◽

Data Protection ◽

Personal Data ◽

Member States ◽

Eu Member States ◽

Protection Legislation ◽

Access Information ◽

Article 50 ◽

The Eu

Recital 6; Article 15(1)(c) (Right to access information about data recipients in third countries); Articles 70(1)(v) and (w) (Board’s tasks to facilitate exchanges with supervisory authorities in third countries and exchanges of knowledge on data protection legislation with supervisory authorities worldwide); Article 96 (Relationship with previously concluded agreements of the EU Member States).

Download Full-text

A Comparative Study of the APEC Privacy Framework- A New Voice in the Data Protection Dialogue?

Asian Journal of Comparative Law ◽

10.1017/s2194607800000181 ◽

2008 ◽

Vol 3 ◽

pp. 1-44

Author(s):

Johanna G. Tan

Keyword(s):

Comparative Study ◽

Data Protection ◽

Personal Data ◽

Eu Member States ◽

Cross Border ◽

Eu Directive ◽

Free Flow Of Information ◽

International Conventions ◽

Flow Of Information ◽

The Eu

AbstractThe dialogue on data protection has so far been dominated by European and American voices. There are currently a few international conventions in place such as the Council of Europe's 1981 Convention for the Protection of Individuals with regard to the Automatic processing of personal data, the 1980 OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data , which apply to 30 OECD countries, and the EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data, which binds EU member states but has had some impact on non-European countries due to the restriction on cross border flow of information.This has changed with the emergence of the APEC Privacy Framework in 2004 which focuses on the importance of the free flow of information in the digital age. Does the APEC Privacy Framework have anything of value to add or does it dilute the standards already in place? This article will examine these questions and argue that perhaps the APEC Privacy Framework is the first step towards a truly global standard for data protection.

Download Full-text

The practice of imposing administrative fines by the State Data Protection Inspectorate in the context of other EU Member States

Socialiniai tyrimai ◽

10.15388/soctyr.44.2.10 ◽

2021 ◽

Vol 44 (2) ◽

pp. 153-169

Author(s):

Aurimas Šidlauskas

Keyword(s):

Data Protection ◽

Personal Data ◽

The State ◽

General Context ◽

Member States ◽

State Data ◽

General Data Protection Regulation ◽

Supervisory Authority ◽

Eu Member States ◽

The Eu

The implementation of the EU General Data Protection Regulation (hereinafter referred to as the Regulation), which, among other things, aims to eliminate disparities between national systems and to alleviate unnecessary administrative burdens, began on 25 May 2018. Each Member State is to ensure that there is one or more independent public authorities (hereinafter referred to as the supervisory authority) responsible for monitoring the implementation of the Regulation. In Lithuania, personal data protection is supervised by two authorities, namely by the State Data Protection Inspectorate (hereinafter referred to as the SDPI) and by the Office of the Inspector of Journalist Ethics. The powers conferred on the supervisory authorities by the Regulation are greater and broader in scope than those granted under previous data protection legislation. Organizations which process personal data must ensure compliance with the requirements laid down in the Regulation. A supervisory authority that violates the provisions of the Regulation may be faced with heavy administrative fines and other sanctions. This article analyzes the practice of imposing administrative fines in the EU and in Lithuania as compared to other EU Member States. The author of the article believes that evaluating the practice of imposing administrative fines by the SDPI within the general context of the EU shall enable one to search for the reasons behind the current situation, as well as to improve the processes the SDPI employs to perform functions associated with data protection supervision. The article uses generalization and comparative analysis of scientific literature, legal documents and statistical data.

Download Full-text

The EU General Data Protection Regulation: How will it impact the regulation of research biobanks? Setting the legal frame in the Mediterranean and Eastern European area

Medical Law International ◽

10.1177/0968533218765044 ◽

2018 ◽

Vol 18 (4) ◽

pp. 241-255 ◽

Cited By ~ 2

Author(s):

Simone Penasa ◽

Iñigo de Miguel Beriain ◽

Carla Barbosa ◽

Anna Białek ◽

Theodora Chortara ◽

...

Keyword(s):

Data Protection ◽

Personal Data ◽

Eastern European ◽

Member States ◽

General Data Protection Regulation ◽

Eu Member States ◽

European Area ◽

General Data ◽

The Mediterranean ◽

The Eu

On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force. As with the Data Protection Directive (95/46/EC), the regulation of biobanks for scientific research will be profoundly affected by this reform. Accordingly, a comparative survey of some of the existing national regulatory frameworks is of value to aid understanding of whether and how EU Member States will need to realign their systems to ensure compliance with the new Regulation. This article provides a comparison of the positions of Member States in the Mediterranean and Eastern European area, focusing especially on the existing regulatory framework on biobanks, the definition of personal and genetic data, the pseudonymization process, the processing of personal data for medical research purposes (and its impact on the right to consent of the individuals involved) and the secondary use of such data. The article concludes that effective implementation of the EU GDPR will represent a decisive catalyst for adaptive harmonization of biobanks regulation in the European framework.

Download Full-text

The EU General Data Protection Regulation (GDPR)

10.1093/oso/9780198826491.001.0001 ◽

2020 ◽

Cited By ~ 1

Keyword(s):

Data Protection ◽

Personal Data ◽

Privacy Regulation ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Ongoing Work ◽

Protection Legislation ◽

Recent Reform ◽

General Data ◽

The Eu

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.

Download Full-text

The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽

10.1017/aju.2019.80 ◽

2020 ◽

Vol 114 ◽

pp. 5-9 ◽

Cited By ~ 2

Author(s):

Cedric Ryngaert ◽

Mistale Taylor

Keyword(s):

International Law ◽

Data Protection ◽

Personal Data ◽

Fundamental Rights ◽

General Data Protection Regulation ◽

Data Protection Directive ◽

Protection Legislation ◽

General Data ◽

Global Data ◽

The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

Download Full-text

Data Protection in the Federal Republic of Germany and the European Union: An Unequal Playing Field

German Law Journal ◽

10.1017/s207183220001899x ◽

2014 ◽

Vol 15 (3) ◽

pp. 461-494

Author(s):

Anne-Marie Zell

Keyword(s):

European Union ◽

Data Protection ◽

New Technologies ◽

Location Based Services ◽

Federal Republic Of Germany ◽

The European Union ◽

Member States ◽

Eu Member States ◽

Playing Field ◽

The Eu

With the negotiation of its Data Protection Regulation, the European Union seeks to reform an outdated set of laws that has failed to address the evolving data protection challenges inherent in new technologies such as social networks, e-commerce, cloud computing, and location-based services. This article addresses the forthcoming Data Protection Regulation as well as the current state of data protection law in the EU, with a particular focus on Germany. The first part of the article examines Germany's robust data protection framework and the EU's existing authority. The article then raises key issues related to data protection in Germany and the EU—namely, discrepancies in data protection standards and enforcement among EU Member States—as illustrated by recent, high profile cases involving household names like Facebook, Apple, Google, and Amazon. Through this analysis, the article attempts to explain how and why companies doing business in Germany, but established in other EU Member States, are subject to less stringent data protection standards than German companies. Lastly, the article synthesizes the issues in debate with regard to the draft Data Protection Regulation and offers perspectives on what the Regulation could and should mean for data protection in the EU.

Download Full-text

VAT Collection Methods

Acta Universitatis Agriculturae et Silviculturae Mendelianae Brunensis ◽

10.11118/actaun201967030883 ◽

2019 ◽

Vol 67 (3) ◽

pp. 883-895 ◽

Cited By ~ 1

Author(s):

Hana Zídková ◽

Aneta Šťastná

Keyword(s):

Tax Evasion ◽

Large Scale ◽

Current System ◽

Payment Method ◽

Member States ◽

Eu Member States ◽

One Stop ◽

The One ◽

Collection Methods ◽

The Eu

Although, the VAT contributes significantly to tax revenues in all EU Member States, the current VAT system is vulnerable to organized fraud schemes and suffers from large scale tax evasion. The EU Member States and the European Commission are discussing new ways of VAT collection to prevent the evasive and fraudulent practices. This paper aims at the description of different VAT collection methods including their flaws and benefits that are addressed in the available literature. The conclusion is that reverse charge and split payment method are changing the character of the VAT system. The One stop shop system is lacking trust of the EU member states. Therefore, the recommendation is to improve current system by electronic means of reporting.

Download Full-text