COVID-19 contact tracing apps: a stress test for privacy, the GDPR, and data protection regimes

2020 ◽  
Vol 7 (1) ◽  
Author(s):  
Laura Bradford ◽  
Mateo Aboy ◽  
Kathleen Liddell

Digital surveillance has played a key role in containing the COVID-19 outbreak in China, Singapore, Israel, and South Korea. Google and Apple recently announced the intention to build interfaces to allow Bluetooth contact tracking using Android and iPhone devices. In this article, we look at the compatibility of the proposed Apple/Google Bluetooth exposure notification system with Western privacy and data protection regimes and principles, including the General Data Protection Regulation (GDPR). Somewhat counter-intuitively, the GDPR’s expansive scope is not a hindrance, but rather an advantage in conditions of uncertainty such as a pandemic. Its principle-based approach offers a functional blueprint for system design that is compatible with fundamental rights. By contrast, narrower, sector-specific rules such as the US Health Insurance Portability and Accountability Act (HIPAA), and even the new California Consumer Privacy Act (CCPA), leave gaps that may prove difficult to bridge in the middle of an emergency.

Author(s):  
Homaile Mascarin do Vale ◽  

There is an increase in the number of medical malpractice cases all over the world and the detachment of the role of the judiciary and the real practice of medical activity is striking, converging to a weakness of the doctor in the face of a system that does not advocate the equalization of plaintiff and defendant in the process, bringing procedural difficulties to the doctor due to the legislation, especially the Brazilian. In a transdisciplinary way, permeating the law and medicine, the article mapped the operation of the Brazilian judiciary in the face of medical error and, specifically, measured how the state power understands cases about psychiatry, a specialty that is difficult to prove medical error. It was analyzed statistically how Brazilian courts behave, creating a procedural diagnosis of justice. This research offers a protection protocol to the psychiatrist inspired by the General Data Protection Law, which in turn comes from the European General Data Protection Regulation and the California Consumer Privacy Act of 2018 to address the procedural vulnerability of the doctor in medical error processes respecting patient privacy and intimacy, applicable and adaptable to countries and continents that have legislation for specific data protection. The article concludes by critically analyzing the format of processing and judgment of medical malpractice cases in Brazil, proposing a multidisciplinary configuration in search of real justice.


2020 ◽  
Vol 4 (2) ◽  
pp. 81-94
Author(s):  
Matúš Mesarčík

A new era of data protection laws arises after the adoption of the General Data Protection Regulation (GDPR) in the European Union. One of the newly adopted regulations of processing of personal data is Californian Consumer Privacy Act commonly referred to as CCPA. The article aims to fill the gap considering a deep analysis of the territorial scope of both acts and practical consequences of the application. The article starts with a brief overview of privacy regulation in the EU and USA. Introduction to GDPR and CCPA follows focusing on the territorial scope of respective legislation. Three scenarios of applicability are derived in the following part including practical examples.


AJIL Unbound ◽  
2020 ◽  
Vol 114 ◽  
pp. 5-9 ◽  
Author(s):  
Cedric Ryngaert ◽  
Mistale Taylor

The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.


2018 ◽  
Vol 9 (3) ◽  
pp. 502-526 ◽  
Author(s):  
Claudia QUELLE

The risk-based approach has been introduced to the General Data Protection Regulation (GDPR) to make the rules and principles of data protection law “work better”. Organisations are required to calibrate the legal norms in the GDPR with an eye to the risks posed to the rights and freedoms of individuals. This article is devoted to an analysis of the way in which this new approach relates to “tick-box” compliance. How can the law enhance itself? If handled properly by controllers and supervisory authorities, the risk-based approach can bring about a valuable shift in data protection towards substantive protection of fundamental rights and freedoms. While the risk-based approach has a lot of potential, it also has a risk of its own: it relies on controllers to improve compliance, formulating what it means to attain compliance 2.0.


Author(s):  
Tawei Wang ◽  
Yen-Yao Wang

This chapter provides an overview of several recently proposed or passed privacy-related regulations, including General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Illinois Video Interview Act, Data Broker Regulations in Vermont, and Privacy Bill of Rights Act, and related but very limited studies. Toward the end, several research opportunities are discussed. These research opportunities include (1) economic consequences of these new regulations and (2) the new research framework to capture novel features of these regulations to explain security compliance. The authors further discuss possible research designs to address the proposed research opportunities. This chapter provides both professionals and researchers additional insights on the regulation of privacy issues.


Author(s):  
Peter Hustinx

This chapter looks at the origins and the current state of EU data protection law, and highlights the context of the ongoing review of Directive 95/46/EC as its key instrument, as well as the main lines of the proposed General Data Protection Regulation which will replace the Directive in the near future. The analysis shows a gradual development along two lines: one aiming at stronger rights in order to provide more effective protection, and one ensuring more consistent application of those rights across the EU. It also demonstrates the increasing impact of the Charter of Fundamental Rights, both in the case law of the Court of Justice and in the review of the legal framework. At the same time, it is argued that a lack of awareness of the difference in character between Articles 7 and 8 of the Charter could prevent Article 8 from reaching its full potential.


Laws ◽  
2020 ◽  
Vol 9 (2) ◽  
pp. 12
Author(s):  
Giovanni Ziccardi

Wearable devices and smart clothes give rise to pivotal technological and legal issues in the fashion business. The cybersecurity attention in the digital society, and the advent of General Data Protection Regulation No. 2016/679 (GDPR) in the European, and global, legal framework, implied the need to evaluate which norms and aspects of the European Regulation could apply to wearable devices, which are becoming more and more invasive. Wearable devices are, first of all (and from a data protection point of view), intrusive tools that can put users’ personal (and intimate) data at risk. In particular, we will discuss the aspects of the spread of an accountability “culture” (also) in the fashion business, the need for correct management policy of data breaches, the rights of transparency for users/customers who are using wearable devices and smart clothes, and respect for the dignity and nondiscrimination of the individual during the data collection and processing. These are, all, fundamental points: the protection of the individual’s data in the digital landscape is, in fact, strictly connected to the protection of his/her fundamental rights in the modern digital society.


2020 ◽  
Vol 74 ◽  
pp. 03006
Author(s):  
Irena Nesterova

The growing use of facial recognition technologies has put them under the regulatory spotlight all around the world. The EU is considering regulating facial recognition technologies as part of an initiative to create an ethical and legal framework for trustworthy artificial intelligence. These technologies are attracting the attention of EU data protection authorities, e.g. in Sweden and the UK. In May, San Francisco was the first city in the US to ban police and other government agencies from using facial recognition technology, soon followed by other US cities. The paper aims to analyze the impact of facial recognition technology on fundamental rights and values as well as the development of its regulation in Europe and the US. The paper will reveal how these technologies may significantly undermine fundamental rights, in particular the right to privacy, and may lead to prejudice and discrimination. Moreover, alongside the risks to fundamental rights, the wider impact of these surveillance technologies on democracy and the rule of law needs to be assessed. Although existing laws, in particular the EU General Data Protection Regulation, already impose significant requirements, there is a need for further guidance and a clear regulatory framework to ensure trustworthy use of facial recognition technology.


2020 ◽  
Vol 27 (3) ◽  
pp. 195-212
Author(s):  
Jean Herveg ◽  
Annagrazia Altavilla

This article aims at opening discussions and promoting future research about key elements that should be taken into account when considering new ways to organise access to personal data for scientific research in the perspective of developing innovative medicines. It provides an overview of these key elements: the different ways of accessing data, the theory of the essential facilities, the Regulation on the Free Flow of Non-personal Data, the Directive on Open Data and the re-use of public sector information, and the General Data Protection Regulation (GDPR) rules on accessing personal data for scientific research. In the perspective of fostering research, promoting innovative medicines, and having all the raw data centralised in big databases localised in Europe, we suggest to further investigate the possibility to find acceptable and balanced solutions with complete respect of fundamental rights, as well as for private life and data protection.

