Enhancing Compliance under the General Data Protection Regulation: The Risky Upshot of the Accountability- and Risk-based Approach

2018 ◽  
Vol 9 (3) ◽  
pp. 502-526 ◽  
Author(s):  
Claudia QUELLE
Keyword(s):  
Data Protection ◽  
Fundamental Rights ◽  
New Approach ◽  
General Data Protection Regulation ◽  
Legal Norms ◽  
Improve Compliance ◽  
Rules And Principles ◽  
General Data ◽  
Data Protection Law ◽  
Fundamental Rights And Freedoms

The risk-based approach has been introduced to the General Data Protection Regulation (GDPR) to make the rules and principles of data protection law “work better”. Organisations are required to calibrate the legal norms in the GDPR with an eye to the risks posed to the rights and freedoms of individuals. This article is devoted to an analysis of the way in which this new approach relates to “tick-box” compliance. How can the law enhance itself? If handled properly by controllers and supervisory authorities, the risk-based approach can bring about a valuable shift in data protection towards substantive protection of fundamental rights and freedoms. While the risk-based approach has a lot of potential, it also has a risk of its own: it relies on controllers to improve compliance, formulating what it means to attain compliance 2.0.

EU Data Protection Law: The Review of Directive 95/46/EC and the General Data Protection Regulation

2017 ◽  
Author(s):  
Peter Hustinx
Keyword(s):  
Data Protection ◽  
Legal Framework ◽  
Fundamental Rights ◽  
Full Potential ◽  
General Data Protection Regulation ◽  
Gradual Development ◽  
Charter Of Fundamental Rights ◽  
General Data ◽  
Data Protection Law ◽  
The Difference

This chapter looks at the origins and the current state of EU data protection law, and highlights the context of the ongoing review of Directive 95/46/EC as its key instrument, as well as the main lines of the proposed General Data Protection Regulation which will replace the Directive in the near future. The analysis shows a gradual development along two lines: one aiming at stronger rights in order to provide more effective protection, and one ensuring more consistent application of those rights across the EU. It also demonstrates the increasing impact of the Charter of Fundamental Rights, both in the case law of the Court of Justice and in the review of the legal framework. At the same time, it is argued that a lack of awareness of the difference in character between Articles 7 and 8 of the Charter could prevent Article 8 from reaching its full potential.

The Risk-Based Approach to Data Protection

2020 ◽  
Author(s):  
Raphaël Gellert
Keyword(s):  
Risk Management ◽  
Data Protection ◽  
Personal Data ◽  
Management Tools ◽  
General Data Protection Regulation ◽  
Regulation Theory ◽  
Régulation Theory ◽  
General Data ◽  
Data Protection Law ◽  
The Way

The main goal of this book is to provide an understanding of what is commonly referred to as “the risk-based approach to data protection”. An expression that came to the fore during the overhaul process of the EU’s General Data Protection Regulation (GDPR)—even though it can also be found in other statutes under different acceptations. At its core it consists in endowing the regulated organisation that process personal data with increased responsibility for complying with data protection mandates. Such increased compliance duties are performed through risk management tools. It addresses this topic from various perspectives. In framing the risk-based approach as the latest model of a series of regulation models, the book provides an analysis of data protection law from the perspective of regulation theory as well as risk and risk management literatures, and their mutual interlinkages. Further, it provides an overview of the policy developments that led to the adoption of such an approach, which it discusses in the light of regulation theory. It also includes various discussions pertaining to the risk-based approach’s scope and meaning, to the way it has been uptaken in statutes including key provisions such as accountability and data protection impact assessments, or to its potential and limitations. Finally, it analyses how the risk-based approach can be implemented in practice by providing technical analyses of various data protection risk management methodologies.

Protecting Genetic Privacy in Biobanking through Data Protection Law

2021 ◽  
Author(s):  
Dara Hallinan
Keyword(s):  
Data Protection ◽  
Critical Infrastructure ◽  
Legal Framework ◽  
Privacy Rights ◽  
Genetic Privacy ◽  
General Data Protection Regulation ◽  
General Data ◽  
Research Biobanks ◽  
The Subject ◽  
Data Protection Law

Biobanks are critical infrastructure for medical research. Biobanks, however, are also the subject of considerable ethical and legal uncertainty. Given that biobanks process large quantities of genomic data, questions have emerged as to how genetic privacy should be protected. What types of genetic privacy rights and rights holders should be protected and to what extent? Since 25 May 2018, the General Data Protection Regulation (GDPR) has applied and now occupies a key position in the European legal framework for the regulation of biobanking. This book takes an in-depth look at the function, problems, and opportunities presented by European data protection law under the GDPR as a framework for the protection of genetic privacy in biobanking. It argues that the substantive framework presented by the GDPR already offers an admirable baseline level of protection for the range of genetic privacy rights engaged by biobanking. The book further contends that while numerous problems with this standard of protection are indeed identifiable, the GDPR offers the flexibility to accommodate solutions to these problems, as well as the procedural mechanisms to realise these solutions.

The Second Internet: The Brussels Bourgeois Internet

2021 ◽  
pp. 77-91
Author(s):  
Kieron O’Hara
Keyword(s):  
European Union ◽  
Public Space ◽  
Data Protection ◽  
The European Union ◽  
Privacy Rights ◽  
General Data Protection Regulation ◽  
Internet Privacy ◽  
Data Protection Directive ◽  
General Data ◽  
Data Protection Law

This chapter describes the Brussels Bourgeois Internet. The ideal consists of positive, managed liberty where rights of others are respected, as in the bourgeois public space, where liberty follows only when rights are secured. The exemplar of this approach is the European Union, which uses administrative means, soft law, and regulation to project its vision across the Internet. Privacy and data protection have become the most emblematic struggles. Under the Data Protection Directive of 1995, the European Union developed data-protection law and numerous privacy rights, including a right to be forgotten, won in a case against Google Spain in 2014, the arguments about which are dissected. The General Data Protection Regulation (GDPR) followed in 2018, amplifying this approach. GDPR is having the effect of enforcing European data-protection law on international players (the ‘Brussels effect’), while the European Union over the years has developed unmatched expertise in data-protection law.

scholarly journals The GDPR as Global Data Protection Regulation?

AJIL Unbound ◽  
2020 ◽  
Vol 114 ◽  
pp. 5-9 ◽  
Author(s):  
Cedric Ryngaert ◽  
Mistale Taylor
Keyword(s):  
International Law ◽  
Data Protection ◽  
Personal Data ◽  
Fundamental Rights ◽  
General Data Protection Regulation ◽  
Data Protection Directive ◽  
Protection Legislation ◽  
General Data ◽  
Global Data ◽  
The Eu

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.

Introducing Key Elements Regarding Access to Personal Data for Scientific Research in the Perspective of Developing Innovative Medicines

2020 ◽  
Vol 27 (3) ◽  
pp. 195-212
Author(s):  
Jean Herveg ◽  
Annagrazia Altavilla
Keyword(s):  
Data Protection ◽  
Open Data ◽  
Scientific Research ◽  
Personal Data ◽  
Private Life ◽  
Fundamental Rights ◽  
Future Research ◽  
General Data Protection Regulation ◽  
Public Sector Information ◽  
General Data

Abstract This article aims at opening discussions and promoting future research about key elements that should be taken into account when considering new ways to organise access to personal data for scientific research in the perspective of developing innovative medicines. It provides an overview of these key elements: the different ways of accessing data, the theory of the essential facilities, the Regulation on the Free Flow of Non-personal Data, the Directive on Open Data and the re-use of public sector information, and the General Data Protection Regulation (GDPR) rules on accessing personal data for scientific research. In the perspective of fostering research, promoting innovative medicines, and having all the raw data centralised in big databases localised in Europe, we suggest to further investigate the possibility to find acceptable and balanced solutions with complete respect of fundamental rights, as well as for private life and data protection.

scholarly journals How Comprehensive Is Chinese Data Protection Law? A Systematisation of Chinese Data Protection Law from a European Perspective

2020 ◽  
Vol 69 (12) ◽  
pp. 1191-1203
Author(s):  
Anja Geller
Keyword(s):  
Data Protection ◽  
European Perspective ◽  
General Development ◽  
General Direction ◽  
General Data Protection Regulation ◽  
Chinese Law ◽  
European Data ◽  
General Data ◽  
Data Protection Law

Abstract In China, there is no unified data protection law similar to the EU’s General Data Protection Regulation (GDPR). As a result, there are many different relevant regulations. Among other things, this makes enforcement and comprehension more difficult. To alleviate this problem and assess the comprehensiveness of Chinese data protection, this article uses the GDPR as a frame to organise and systematise the most important Chinese regulations. Binding and non-binding as well as enacted and draft provisions are included to show the dynamic progress and the general direction of Chinese law. While from a European data protection perspective there still are numerous deficiencies, the general development is positive.

Kommunikation, Kreation und Innovation - Recht im Umbruch?

2019 ◽  
Keyword(s):  
Data Protection ◽  
Industry 4.0 ◽  
Credit Scoring ◽  
Copyright Law ◽  
General Data Protection Regulation ◽  
Technical Developments ◽  
General Data ◽  
Data Protection Law ◽  
Artificial Intelligence Systems

The conference transcript deals with current challenges facing the legal fields of intellectual property, media, competition and data protection law, primarily due to technical developments and the resulting changes in legislation. Examples of this are artificial intelligence systems that call into question essential principles of current patent and copyright law. However, it also deals with questions concerning the legal classification of search engines, social bots and other internet intermediaries, as well as questions of the data protection requirements for bloggers, street photographers and credit scoring, which need to be clarified in particular by the new General Data Protection Regulation. The book also focuses on the regulatory options for "Industry 4.0" data markets and the new directive on copyright in the digital single market. With contributions by Stefan Papastefanou, David Linke, Katrin Giere und Dorothea Heilmann, Azim Semizoglu, Hanno Magnus, Jens Milker, Stefan Michel, Katharina Wunner, André Reinelt, David Kleß, Tobias Endrich-Laimböck, Justus Duhnkrack, Susan Bischoff

Das intelligente Energiesystem der Zukunft

2020 ◽  
Author(s):  
Ryan Kelly
Keyword(s):  
Data Protection ◽  
Energy System ◽  
Fundamental Rights ◽  
Smart Meter ◽  
Eu Law ◽  
Smart Meters ◽  
General Data Protection Regulation ◽  
Regulatory Strategy ◽  
General Data ◽  
The Eu

The regulated rollout of smart meters is intended to digitise the energy infrastructure with the goal of creating a future-oriented European energy system. In order to implement the EU requirements, the German legislature is pursuing a regulatory strategy with mandatory legal toleration of intelligent metering systems. This is associated with a variety of fundamental rights and data protection problems. The study examines the smart meter rollout in its complex reality between constitutional, energy and data protection law, as well as European and national regulations. The implementation of smart meters will be discussed in its entirety and analysed on the basis of constitutional and EU law. The focus lies, in particular, on the dogmatic localisation in the European constitutional framework and the examination on the legal basis of the General Data Protection Regulation (GDPR). The results of the study are visualised in two condensed illustrations.

Sign in / Sign up

Export Citation Format

Share Document