scholarly journals Can the GDPR and Freedom of Expression Coexist?

AJIL Unbound ◽  
2020 ◽  
Vol 114 ◽  
pp. 31-34
Author(s):  
Nani Jansen Reventlow
Keyword(s):  
Data Protection ◽  
Data Privacy ◽  
Freedom Of Expression ◽  
Personal Information ◽  
Personal Data ◽  
Raw Material ◽  
Individual Data ◽  
General Data Protection Regulation ◽  
General Data ◽  
The Right

The General Data Protection Regulation (GDPR) imposes important transparency and accountability requirements on different actors who process personal data. This is great news for the protection of individual data privacy. However, given that “personal information and human stories are the raw material of journalism,” what does the GDPR mean for freedom of expression and especially for journalistic activity? This essay argues that, although EU states seem to have taken their data protection obligations under the GDPR seriously, efforts to balance this against the right to freedom of expression have been more uneven. The essay concludes that it is of key importance to ensure that the GDPR's safeguards for data privacy do not compromise a free press.

scholarly journals Delegation-Based Personal Data Processing Request Notarization Framework for GDPR Based on Private Blockchain

2021 ◽  
Vol 11 (22) ◽  
pp. 10574
Author(s):  
Sung-Soo Jung ◽  
Sang-Joon Lee ◽  
Ieck-Chae Euom
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Data Privacy ◽  
Personal Data ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
Compliance Audit ◽  
General Data ◽  
Data Controller ◽  
Data Subject

With the growing awareness regarding the importance of personal data protection, many countries have established laws and regulations to ensure data privacy and are supervising managements to comply with them. Although various studies have suggested compliance methods of the general data protection regulation (GDPR) for personal data, no method exists that can ensure the reliability and integrity of the personal data processing request records of a data subject to enable its utilization as a GDPR compliance audit proof for an auditor. In this paper, we propose a delegation-based personal data processing request notarization framework for GDPR using a private blockchain. The proposed notarization framework allows the data subject to delegate requests to process of personal data; the framework makes the requests to the data controller, which performs the processing. The generated data processing request and processing result data are stored in the blockchain ledger and notarized via a trusted institution of the blockchain network. The Hypderledger Fabric implementation of the framework demonstrates the fulfillment of system requirements and feasibility of implementing a GDPR compliance audit for the processing of personal data. The analysis results with comparisons among the related works indicate that the proposed framework provides better reliability and feasibility for the GDPR audit of personal data processing request than extant methods.

scholarly journals Uchybienie przepisom o ochronie danych osobowych jako naruszenie dobra osobistego – analiza na przykładzie orzecznictwa Sądu Najwyższego

2019 ◽  
pp. 245-259
Author(s):  
Bernard Łukanko
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Right To Privacy ◽  
Professional Literature ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Right To Privacy ◽  
General Data ◽  
The Right ◽  
Personal Interests

The study is concerned with the issue of mutual relationship between the failure to comply with the laws on personal data protection and regulations relating to the protection of personal interests, including in particular the right to privacy. The article presents the views held by the Supreme Court with respect to the possibility of considering acts infringing upon the provisions of the Personal Data Protection Act of 1997 (after 24 May 2018) and of the General Data Protection Regulation (after 25 May 2018) as violation of personal interests, such as the right to privacy. The author shared the view of the case law stating that, if in specifc circumstances the processing of personal data violates the right to privacy, the party concerned may seek remedy on the grounds of Articles 23 and 24 of the Polish Civil Code. This position isalso relevant after the entry into force of the GDPR which, in a comprehensive and exhaustive manner, directly applicable in all Member States, regulates the issue of liability under civil law for infringements of the provisions of the Regulation, however, according to the position expressed in professional literature, it does not exclude the concurrence of claims and violation of the provisions on the protection of personal interests caused by a specifc event. In case of improper processing of personal data, the remedies available under domestic law on the protection of personal interests may be of particular importance outside the subject matter scope of the GDPR applicability. 

Oblivion Is Full of Memory

2021 ◽  
pp. 441-465
Author(s):  
Anabelen Casares Marcos
Keyword(s):  
Data Protection ◽  
Personal Information ◽  
Self Determination ◽  
Current Status ◽  
The Internet ◽  
General Data Protection Regulation ◽  
Legal Duty ◽  
General Data ◽  
The Right ◽  
The Eu

The right to informational self-determination has raised bitter debate over the last decade as to the opportunity and possible scope of the right to demand withdrawal from the internet of personal information which, while true, might represent a detriment that there is no legal duty to put up with. The leading case in this topic is that of Mario Costeja, Judgment of the EU Court of Justice, May 13, 2014. The interest of recent European jurisprudence lies not so much in the recognition of such a right but in the appreciation of certain limits to its implementation, assisting data protection authorities in balancing the rights at stake in each case. Reflection on the current status of the issue considers rights and duties imposed in the matter by Regulation (EU) 2016/679, of 27 April, known as the new General Data Protection Regulation.

Anonymization, tokenization, encryption. How to recover unrecoverable data

2018 ◽  
Vol 0 (6/2017) ◽  
pp. 9-13
Author(s):  
Olga Dzięgielewska
Keyword(s):  
Risk Analysis ◽  
Data Protection ◽  
Data Privacy ◽  
Personal Data ◽  
Insider Threat ◽  
General Data Protection Regulation ◽  
Analysis Phase ◽  
Data Layer ◽  
General Data ◽  
Financial Consequences

The data privacy is currently vastly commented topic among all the organizations which process personal data due to the introduction of the European Union’s General Data Protection Regulation. Existing methods of data protection are believed to be sufficient as they meet the risk-based approach requirements in every mature organization, yet the number of publicly known data breaches confirms that this assumption is false. The aftermath of such incidents in countless cases prove that the risk-based approach failed as the reputational and financial consequences by far exceed the original estimations. This paper stressed the importance of the data layer protection from the planning, through design, until maintenance stages in the database lifecycle, as numerous attack vectors originating from the insider threat and targeting the data layer still sneak through unnoticed during the risk analysis phase.

scholarly journals Can the Internet Forget? – Rhe Eight to be Forgotten in the EU Law and its Actual Impact on the Internet. Comparison of the Approaches Towards the Notion and Assessment of its Effectiveness

2020 ◽  
Vol 9 (1) ◽  
pp. 86-101
Author(s):  
Aleksandra Gebuza
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The Internet ◽  
Eu Law ◽  
General Data Protection Regulation ◽  
Actual Impact ◽  
Right To Be Forgotten ◽  
General Data ◽  
The Right ◽  
The Eu

AbstractThe main aim of the article is to provide analysis on the notion of the right to be forgotten developed by the CJEU in the ruling Google v. AEPD & Gonzalez and by the General Data Protection Regulation within the context of the processing of personal data on the Internet. The analysis provides the comparison of approach towards the notion between European and American jurisprudence and doctrine, in order to demonstrate the scale of difficulty in applying the concept in practice.

Introduction

2019 ◽  
pp. 3-18
Author(s):  
David Erdos
Keyword(s):  
Data Protection ◽  
Public Discourse ◽  
Freedom Of Expression ◽  
Methodological Approach ◽  
Personal Data ◽  
European Economic Area ◽  
Normative Study ◽  
General Data Protection Regulation ◽  
General Data ◽  
Professional Artists

This chapter introduces the tension between European data protection regulation and freedom of expression, including the heightened form this tension assumes as regards the activity of professional journalists and other traditional publishers. These actors not only play a central role in public discourse but also often possess a disproportionate ability to gather, process, and disseminate personal data. It is therefore important both to examine how these interactions have played out at different times, in different places and contexts, and to consider how they might best evolve across the European Economic Area (EEA) under the new European Union (EU) General Data Protection Regulation (GDPR). The concept of traditional publishers is often equated to professional journalists and the institutional media but should also encompass professional artists and writers including academics. The chapter delineates the scope of this empirical and normative study, explores the key concepts deployed, and elucidates the methodological approach adopted.

From universal towards child-specific protection of the right to privacy online: Dilemmas in the EU General Data Protection Regulation

2017 ◽  
Vol 19 (5) ◽  
pp. 765-779 ◽  
Author(s):  
Milda Macenaite
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Best Interests ◽  
Right To Privacy ◽  
General Data Protection Regulation ◽  
Average Child ◽  
The Right To Privacy ◽  
General Data ◽  
The Right ◽  
The Eu

The new European Union (EU) General Data Protection Regulation aims to adapt children’s right to privacy to the ‘digital age’. It explicitly recognizes that children deserve specific protection of their personal data, and introduces additional rights and safeguards for children. This article explores the dilemmas that the introduction of the child-tailored online privacy protection regime creates – the ‘empowerment versus protection’ and the ‘individualized versus average child’ dilemmas. It concludes that by favouring protection over the empowerment of children, the Regulation risks limiting children in their online opportunities, and by relying on the average child criteria, it fails to consider the evolving capacities and best interests of the child.

scholarly journals A System to Access Online Services with Minimal Personal Information Disclosure

2021 ◽  
Author(s):  
Antonia Russo ◽  
Gianluca Lax ◽  
Baptiste Dromard ◽  
Menad Mezred
Keyword(s):  
Data Protection ◽  
Information Disclosure ◽  
Personal Information ◽  
Personal Data ◽  
Cryptographic Primitives ◽  
Online Services ◽  
General Data Protection Regulation ◽  
General Data

AbstractThe General Data Protection Regulation highlights the principle of data minimization, which means that only data required to successfully accomplish a given task should be processed. In this paper, we propose a Blockchain-based scheme that allows users to have control over the personal data revealed when accessing a service. The proposed solution does not rely on sophisticated cryptographic primitives, provides mechanisms for revoking the authorization to access a service and for guessing the identity of a user only in cases of need, and is compliant with the recent eIDAS Regulation. We prove that the proposed scheme is secure and reaches the expected goal, and we present an Ethereum-based implementation to show the effectiveness of the proposed solution.

Data Protection Commissioner v. Facebook Ireland Ltd. and Maximillian Schrems (C.J.E.U.)

2021 ◽  
Vol 60 (1) ◽  
pp. 53-98
Author(s):  
Michael S. Aktipis ◽  
Ron B. Katwan
Keyword(s):  
Data Protection ◽  
Data Privacy ◽  
Personal Data ◽  
The United States ◽  
Transfer Mechanism ◽  
The European Union ◽  
Privacy Concerns ◽  
General Data Protection Regulation ◽  
General Data ◽  
The Eu

On July 16, 2020, the Court of Justice of the European Union (CJEU) issued its ruling in Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems, commonly known as Schrems II, invalidating the EU–U.S. Privacy Shield as a valid transfer mechanism under the EU's General Data Protection Regulation (GDPR) and creating significant legal uncertainty for the continued availability of another widely used transfer mechanism, Standard Contractual Clauses (SCCs), for transfers of EU personal data from commercial entities in the EU to the United States. The widely anticipated ruling marked the second time in five years that the CJEU had invalidated the legal foundation for such data transfers, which in both cases had been the result of a carefully negotiated compromise balancing European data privacy concerns with statutory and constitutional limitations of the U.S. system (see Schrems I).

scholarly journals Convention 108: Present importance and implementation

2020 ◽  
pp. 99-110
Author(s):  
Arben Murtezić
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Government Officials ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Right To Privacy ◽  
European Court ◽  
General Data ◽  
The Right ◽  
The Relationship

The purpose of this paper is to highlight the significance of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) in the overall system of personal data protection, especially from the perspective of non-EU countries that are members of the Council of Europe. This is attempted primarily through the evaluation of correlation between the Convention 108 and ECHR and GDPR in its segment that regulates relationship between the EU and third countries. The interest for the issue of personal data protection has been increasing among legal and ICT professionals, academics, government officials and even a general public over the years. This has been particularly intensified by adopting General Data Protection Regulation (GDPR). However, the adoption of the GDPR did not diminish importance of the Convention 108. On the contrary, it seems that the 'adequacy' principle regarding the third countries proclaimed by the GDPR, stresses its importance. The paper begins with the brief overview of the Convention 108 principles and the modernization that is brought by Protocol of 2018, which coincides with the entry into force of much-mentioned GDPR. It continues with analysis of the relationship between the GDPR and Convention 108, with focus on elements decisively influencing the assessment of the adequacy of the level of protection. Even though there is no sign of equivalence between the right to privacy and personal data protection these matters inevitably intersect in practice. Therefore, the final section of the text summarizes the cases of the European Court of Human Rights invoking Convention 108, with the aim to demonstrate how it is interpreted by the highest judicial instance in Europe.

Sign in / Sign up

Export Citation Format

Share Document