scholarly journals Political Micro-Targeting in Kenya: An Analysis of the Legality of Data-Driven Campaign Strategies under the Data Protection Act

2021 ◽  
Vol 1 (1) ◽  
pp. 7-36
Author(s):  
Hashim Mude
Keyword(s):  
Political Parties ◽  
Data Protection ◽  
Political Party ◽  
Data Analytics ◽  
Personal Data ◽  
Data Driven ◽  
Campaign Strategies ◽  
Data Profiling ◽  
Targeted Messages ◽  
Data Subject

The 2013 general election marked the entry of data-driven campaigning into Kenyan politics as political parties begun collecting and storing voter data. More sophisticated techniques were deployed in 2017 as politicians retained the services of data analytics firms such as Cambridge Analytica, accused of digital colonialism and undermining democracies. It is alleged that political parties engaged in regular targeting and more intrusive micro-targeting, facilitated by the absence of a data protection legal framework.The promulgation of the Data Protection Act, 2019, ostensibly remedied this gap. This paper analyses whether, and to what extent, political parties can rely on the same–or similar– regular targeting and micro-targeting techniques in subsequent elections. While regular targeting differs from micro-targeting as the latter operates at a more granular level, both comprise of three steps- collecting a voter’s personal data, profiling them, and sending out targeted messages. This paper considers the legality of each of these steps in turn. It finds that going forward, such practices will likely require the consent of the data subject. However, the Act provides for several exceptions which political parties could abuse to circumvent this requirement. There are also considerable loopholes that allow open access to voter data in the electoral list as well as the personal data of the members of a rival political party. The efficacy of the Data Protection Act will largely rest on whether the Data Protection Commissioner will interpret it progressively and hold political parties to account.

scholarly journals Data Profiling and Elections: Has Data-Driven Political Campaign Gone Too Far?

2019 ◽  
Vol 3 (1) ◽  
pp. 95
Author(s):  
Alia Yofira Karunian ◽  
Helka Halme ◽  
Ann-Marie Söderholm
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Data Driven ◽  
The European Union ◽  
Political Campaign ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Data Profiling ◽  
Right To Information ◽  
The Right

In the age of digitalization, data-driven political campaign has rapidly shifted into sophisticated data profiling and big data analysis. In Indonesia, the privacy implications of data profiling for political purposes have not been thoroughly studied, much less regulated. This paper aims to conduct a comparative regulatory study between the European Union General Data Protection Regulation (EU GDPR) and Indonesian laws concerning personal data protection in facing the growing practice of data profiling for political purposes. In conclusion, in order to prevent unfair and non-transparent data profiling for political purposes in the upcoming 2019 general election, Indonesia should enact a comprehensive data protection law which provides data subjects with the right to information related to profiling and establishing independent supervisory authority.      

scholarly journals Digital Economy, Big Data and Competition Law

2019 ◽  
Vol 3 (1) ◽  
pp. 53-89
Author(s):  
Roberto Augusto Castellanos Pfeiffer
Keyword(s):  
Big Data ◽  
Data Protection ◽  
Personal Data ◽  
Competition Law ◽  
Digital Economy ◽  
Data Driven ◽  
Dominant Position ◽  
Privacy Concerns ◽  
Sense Data ◽  
Abuse Of Dominant Position

Big data has a very important role in the digital economy, because firms have accurate tools to collect, store, analyse, treat, monetise and disseminate voluminous amounts of data. Companies have been improving their revenues with information about the behaviour, preferences, needs, expectations, desires and evaluations of their consumers. In this sense, data could be considered as a productive input. The article focuses on the current discussion regarding the possible use of competition law and policy to address privacy concerns related to big data companies. The most traditional and powerful tool to deal with privacy concerns is personal data protection law. Notwithstanding, the article examines whether competition law should play an important role in data-driven markets where privacy is a key factor. The article suggests a new approach to the following antitrust concepts in cases related to big data platforms: assessment of market power, merger notification thresholds, measurement of merger effects on consumer privacy, and investigation of abuse of dominant position. In this context, the article analyses decisions of competition agencies which reviewed mergers in big data-driven markets, such as Google/DoubleClick, Facebook/ WhatsApp and Microsoft/LinkedIn. It also reviews investigations of alleged abuse of dominant position associated with big data, in particular the proceeding opened by the Bundeskartellamt against Facebook, in which the German antitrust authority prohibited the data processing policy imposed by Facebook on its users. The article concludes that it is important to harmonise the enforcement of competition, consumer and data protection polices in order to choose the proper way to protect the users of dominant platforms, maximising the benefits of the data-driven economy.

Article 30 Records of processing activities

2020 ◽  
Author(s):  
Waltraut Kotschy
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Data Flows ◽  
Right Of Access ◽  
Data Subject ◽  
General Conditions

Article 13 (Information to be provided where personal data are collected from the data subject); Article 14 (Information to be provided where personal data have not been obtained from the data subject); Article 15 (Right of access by the data subject); Article 24 (Responsibility of the controller); Article 32 (Security of processing); Article 35 (Data protection impact assessment); Article 37 (Designation of a data protection officer); Article 49 (Derogations for specific situations concerning transborder data flows); Article 83 (General conditions for imposing administrative fines)

Article 9 Processing of special categories of personal data

2020 ◽  
Author(s):  
Ludmila Georgieva ◽  
Christopher Kuner
Keyword(s):  
Decision Making ◽  
Data Protection ◽  
Personal Data ◽  
Genetic Data ◽  
Biometric Data ◽  
Individual Decision Making ◽  
Vital Interest ◽  
Data Portability ◽  
Definition Of ◽  
Data Subject

Article 4(1) (Definition of personal data); Article 4(2) (Definition of processing); Article 4(11) (Definition of consent); Article 4(13) (Definition of genetic data, see also recital 34); Article 4(14) (Definition of biometric data); Article 4(15) (Definition of data concerning health, see also recital 35); Article 6(4)(c) (Lawfulness of processing, compatibility test) (see too recital 46 on vital interest); Article 13(2)(c) (Information to be provided where personal data are collected from the data subject); Article 17(1)(b), (3)(c) (Right to erasure (‘right to be forgotten’)); Article 20(1)(a) (Right to data portability); Article 22(4) (Automated individual decision-making, including profiling); Article 27(2)(a) (Representatives of controllers or processors not established in the Union); Article 30(5) (Records of processing activities); Article 35(3)(b) (Data protection impact assessment) (see too recital 91); Article 37(1)(c) (Designation of the data protection officer) (see too recital 97); Article 83(5)(a) (General conditions for imposing administrative fines).

22. Data Protection and Data Exclusivity

2019 ◽  
pp. 497-512
Author(s):  
Justine Pila ◽  
Paul L.C. Torremans
Keyword(s):  
Data Protection ◽  
Patent Protection ◽  
Personal Data ◽  
Pharmaceutical Sector ◽  
Data Exclusivity ◽  
The Law ◽  
Data Subject

This chapter examines the law on data protection and data exclusivity. It focuses on the new GDPR Regulation. It covers rules on lawful processing of personal data, on the security of the processing, on the transparency of the processing, and on promoting compliance. It also discusses the rights of the data subject, the transfer of personal data to third countries, and the period of data exclusivity granted to the pharmaceutical sector independent of any form of patent protection.

scholarly journals GDPR: Is your consent valid?

2020 ◽  
Vol 37 (1) ◽  
pp. 19-24
Author(s):  
Stephen Breen ◽  
Karim Ouazzane ◽  
Preeti Patel
Keyword(s):  
Information Systems ◽  
Data Protection ◽  
Personal Data ◽  
Data Driven ◽  
Privacy Concerns ◽  
General Data Protection Regulation ◽  
Philosophical Background ◽  
General Data ◽  
Compliance With The Law ◽  
Point Of Departure

The General Data Protection Regulation (GDPR) 2018 imposes much greater demands on companies to address the rights of individuals who provide data, that is, Data Subjects. The new law requires a much more transparent approach to gaining consent to process personal data. However, few obvious changes to how consent is gained from Data Subjects to comply with this. Many companies are running the risk of non-compliance with the law if they fail to address how data are obtained and the lack of true consent which Data Subjects currently give to their data being processed. Consent is a complex philosophical principle which relies on the person giving the consent being in full possession of the facts, this article explores the philosophical background of consent and examines the circumstances which were the point of departure for the debate on consent and attempts to develop an understanding of it in the context of the growing influence of information systems and the data-driven economy. The GDPR has gone further than any other regulation or law to date in developing an understanding of consent to address personal data and privacy concerns.

scholarly journals Right of Access under GDPR and Copyright

2018 ◽  
Vol 12 (2) ◽  
pp. 221-246
Author(s):  
Angela Sobolčiaková
Keyword(s):  
Data Protection ◽  
Copyright Protection ◽  
Personal Data ◽  
Case Law ◽  
Main Question ◽  
The Subject ◽  
The Right ◽  
Access Right ◽  
Right Of Access ◽  
Data Subject

The paper discusses the right to obtain a copy of personal data based on the access right guaranteed in Articles 15 (3) and limited in 15 (4) of the GDPR. Main question is to what extent, the access right provided to data subject under the data protection rules is compatible with copyright. We argue that the subject matter of Article 15 (3) of the GDPR - copy of personal data – may infringe copyright protection of third parties but not a copyright protection attributed to the data controllers.Firstly, because the right of access and copyright may be in certain circumstances incompatible. Secondly, the data controllers are primarily responsible for balancing conflicting rights and neutral balancing exercise could only be applied by the Data Protection Authorities. Thirdly, the case law of the CJEU regarding this issue will need to be developed because the copy as a result of access right may be considered as a new element in data protection law.

scholarly journals Delegation-Based Personal Data Processing Request Notarization Framework for GDPR Based on Private Blockchain

2021 ◽  
Vol 11 (22) ◽  
pp. 10574
Author(s):  
Sung-Soo Jung ◽  
Sang-Joon Lee ◽  
Ieck-Chae Euom
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Data Privacy ◽  
Personal Data ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Audit ◽  
General Data ◽  
Data Controller ◽  
Data Subject

With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising managements to comply with them. Although various studies have suggested compliance methods of the general data protection regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of the personal data processing request records of a data subject to enable its utilization as a GDPR compliance audit proof for an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests to process of personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hypderledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results with comparisons among the related works indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing request than extant methods.

scholarly journals The Adequacy of Data Protection Laws in Protecting Personal Data in Malaysia

2021 ◽  
Vol 6 (10) ◽  
pp. 488-495
Author(s):  
Nurkhairina Binti Noor Sureani ◽  
Atikah Shahira Binti Awis Qurni ◽  
Ayman Haziqah Binti Azman ◽  
Mohd Bahrin Bin Othman ◽  
Hariz Sufi Bin Zahari
Keyword(s):  
Comparative Analysis ◽  
Data Protection ◽  
Personal Data ◽  
Data Breaches ◽  
Personal Data Protection ◽  
Analysis Methodology ◽  
Data Subject

With the burgeoning technology, Malaysia has seen a staggering number of data breaches and data leaks within this past decade alone, with no signs of the trend decreasing. This has raised questions on whether the Personal Data Protection Act 2010 (PDPA) adequately protects the personal data of Malaysians. With the recent COVID-19 pandemic, data has been collected on a larger scale than before, with more frequent data leaks occurring. Hence, this study aims to analyse the adequacy of the PDPA by benchmarking it to the United Kingdom’s (UK) Data Protection Act 2018, which have seen a decrease in data breaches since the implementation of the new legislation. In this context, personal data refers to information processed or recorded that relates directly or indirectly to a data subject, who may be identified from the information and may include sensitive personal data. The study uses a doctrinal analysis methodology to best explore the ideas and concepts within the literature available regarding the protection of personal data. The study also employs a comparative analysis methodology by comparing the scope and application of Malaysian and UK legislation for benchmarking. The findings suggest that there are improvements to be made for the PDPA to be adequate.

Processing of personal data relating to the health of the data subject in a pandemic situation

Glimpse ◽  
2021 ◽  
Vol 22 (1) ◽  
pp. 95-99
Author(s):  
Juan Francisco Rodriguez Ayuso ◽  
Keyword(s):  
Public Interest ◽  
Data Protection ◽  
Personal Data ◽  
The State ◽  
Community Level ◽  
Interested Party ◽  
Health Crisis ◽  
The Public ◽  
Vital Interest ◽  
Data Subject

This study offers a systematic, exhaustive and updated investigation of the declaration of the state of alarm and the processing of personal data relating to the health of citizens affected and/or potentially affected by the exceptional situation resulting from COVID-19. Specifically, it analyses the distinction between the state of alarm and the states of exception and siege and the possible effect on the fundamental right to the protection of personal data in exceptional health crisis situations and the effects that this declaration may have on the applicable regulations, issued, at a Community level. Next, and taking into consideration all the general and sectorial regulations applicable to data protection and health, we proceed to the analysis of the legitimate bases and the exceptions that, applicable to situations of health emergency such as the present one, enable the processing, taking into account the nature of the person who intervenes as the controller, making special emphasis on the public interest pursued by the Public Administrations and on the vital interest of the interested party.

Sign in / Sign up

Export Citation Format

Share Document