scholarly journals Ocena skutków dla ochrony danych

2020 ◽  
pp. 161-180
Author(s):  
Aleksandra Pyka
Keyword(s):  
Data Processing ◽  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Supervisory Authority ◽  
Legal Provisions ◽  
The Impact ◽  
General Regulation ◽  
The Eu

This article deals with the issue of impact assessment for the protection of personal data. This is a new obligation for the controller. The article presents the essence of impact assessment (DPIA), exclusion from the obligation to carry it out, the prerequisite for mandatory DPIA, the role of the data protection officer and the powers of the supervisory authority. The analysis of legal provisions related to the impact assessment presented here does not refer to specific situations, due to the wide scope for interpreting specific phrases contained in the General Regulation. Nevertheless, the article discusses the issue of conducting data protection impact assessments as one of the most problematic obligations incumbent on the controller, who in practice raises many doubts. The DPIA has been imprecisely regulated by the EU legislator, thus leaving controllers plenty of leeway to interpret the terms used in the General Regulation. In addition, carrying out a DPIA in practice (as a new obligation on entities setting the purposes and means of data processing) can be problematic due to the lack of harmonized methods for conducting a data protection impact assessment. However, controllers cannot assign DPIA implementation to other entities involved in data processing, such as an entity processing personal data on behalf of another. Entities setting the purposes and methods of data processing should not only take into account the provisions of the General Regulation but also a list of data processing operations that are obligatorily subject to DPIA. Controllers fulfilling the obligation to carry out a data protection impact assessment will be obliged by the supervisory authority to demonstrate how to carry out a data protection impact assessment.

scholarly journals Data protection impact assessments in the European Union: complementing the new legal framework towards a more robust protection of individuals

2020 ◽  
Author(s):  
Dariusz Kloza ◽  
Niels van Dijk ◽  
Raphaël Gellert ◽  
István Böröcz ◽  
Alessia Tanas ◽  
...  
Keyword(s):  
European Union ◽  
Impact Assessment ◽  
Data Protection ◽  
Best Practice ◽  
Personal Data ◽  
Legal Framework ◽  
Background Information ◽  
The European Union ◽  
Legal Provisions ◽  
The Eu

This paper provides recommendations for the European Union (EU) to complement the requirement for data protection impact assessment (DPIA), as set forth in the General Data Protection Regulation (GDPR), with a view of achieving a more robust protection of personal data. In April 2016 the EU concluded the core part of the reform of its legal framework for personal data protection. The Union is currently preparing implementing measures and guidelines to give full effect to the new legal provisions before their applicability from May 2018. This reform introduces, among other ‘novelties’, a legal requirement to conduct a DPIA. However, this requirement bears a few weak points. In order to inform this on-going policy-making process, the present policy brief attempts to draft a best practice for a generic type of impact assessment, i.e. recommended for different areas (section II). Section III makes an early evaluation of how this best practice relates to the specific impact assessment requirement set forth in the GDPR, i.e. DPIA. These sections are preceded by succinct background information on impact assessments as such: definition, historical overview, and their merits and drawbacks (section I). Section IV concludes this paper by offering recommendations for complementing the DPIA requirement in the GDPR: (1) to expand the scope of the DPIA requirement in the GDPR; (2) to develop methods for conducting such an assessment; (3) to establish ‘reference centres’ on DPIA at data protection authorities (DPAs). This policy brief is addressed predominantly to policy-makers at the EU- and Member State-level, notwithstanding the potential interest it might gain from their counterparts elsewhere in the world.

Data protection and passenger name record in judicial criminal matters under the EU–UK Trade and Cooperation Agreement

2021 ◽  
pp. 203228442199492
Author(s):  
Catherine Van de Heyning
Keyword(s):  
United Kingdom ◽  
Data Protection ◽  
Personal Data ◽  
Cooperation Agreement ◽  
Judicial Cooperation ◽  
The United Kingdom ◽  
Record Data ◽  
Criminal Matters ◽  
The Impact ◽  
The Eu

The submission discusses the provisions in the EU–UK Trade and Cooperation Agreement on data protection as well as the consequences for the exchange of passenger name record data in the field of criminal and judicial cooperation. The author concludes that the impact of the Agreement will depend on the resolvement of the United Kingdom to uphold the standards of protection of personal data equivalent to the EU’s in order to reach an adequacy decision.

scholarly journals L’invalidità del Safe Harbor Agreement

2018 ◽  
Author(s):  
Fabiana Accardo
Keyword(s):  
European Union ◽  
Data Protection ◽  
Personal Data ◽  
Safe Harbor ◽  
The European Union ◽  
Court Of Justice ◽  
The Us ◽  
Data Protection Law ◽  
The Impact ◽  
The Eu

The purpose of this article is that to explain the impact of the landmark decision Schrems c. Data Protection Commissioner [Ireland] - delivered on 7 October 2015 (Case C-362/2014 EU) by the Court of Justice - on the European scenario. Starting from a brief analysis of the major outcomes originated from the pronunciation of the Court of Justice, then it tries to study the level of criticality that the Safe Harbor Agreement and the subsequently adequacy Commission decision 2000/520/EC – that has been invalidated with Schrems judgment – have provoked before this pronunciation on the matter of safeguarding personal privacy of european citizens when their personal data are transferred outside the European Union, in particular the reference is at the US context. Moreover it focuses on the most important aspects of the new EU-US agreement called Privacy Shield: it can be really considered the safer solution for data sharing in the light of the closer implementation of the Regulation (EU) 2016/679, which will take the place of the Directive 95 /46/CE on the EU data protection law?

scholarly journals Data Protection and the EPPO

2019 ◽  
Vol 10 (1) ◽  
pp. 34-43
Author(s):  
Paul De Hert ◽  
Vagelis Papakonstantinou
Keyword(s):  
Law Enforcement ◽  
Data Processing ◽  
Data Protection ◽  
Personal Data ◽  
The European Union ◽  
Specific Level ◽  
European Public ◽  
Regulatory Model ◽  
Regulatory Landscape ◽  
The Eu

The European Public Prosecutor’s Office (the ‘EPPO’) necessarily processes personal data in order to fulfil its mission; As such, it falls squarely within the European Union (EU) data protection regulatory landscape. However, because the EU data protection regulatory landscape itself is currently found at a crossroads, an analysis of the EPPO data protection model may be twofold: First, placing it within the proper cross-organization dialogue currently taking place on the future regulatory model of personal data processing for law enforcement purposes carried out at EU level. Second, at an EPPO-specific level, whereby the actual data protection regime afforded to it may be assessed. This article purports to elaborate upon the above two data protection dimensions of EPPO personal data processing activities: It presents considerations and policy options during the lawmaking period that resulted in the establishment of the EPPO, it analyses the data protection regime ultimately awarded to it and attempts to, critically, place the EPPO data protection model within its proper operational and legislative environment.

Privacy & Data Protection in Sport Industry

2020 ◽  
pp. 1-9
Author(s):  
Tataru Stefan Razvan ◽  
Irene Nica
Keyword(s):  
Data Protection ◽  
Daily Life ◽  
Personal Data ◽  
Sensitive Data ◽  
Sports Industry ◽  
Sport Industry ◽  
European Regulations ◽  
The Impact ◽  
General Regulation ◽  
Sports Activities

Sports activities attract an impressive number of participants, manifesting themselves in a multitude of forms, in leisure or performance sports, in and out of the sports ground. In the context in which the sports industry processes a variety of personal data of athletes, including sensitive data such as information concerning health, we aim to analyse the impact of the General Regulation on the protection of personal data in sports activities. In the first part of the study we analysed the incidence of sport in daily life and the forms of organization of sports structures. Subsequently, we focused our attention in particular on the way in which the personal data of the athletes are processed, the rights they enjoy under the new European regulations and the measures that the operators should ensure for the protection of these data.

Article 38 Position of the data protection officer

2020 ◽  
Author(s):  
Cecilia Alvarez Rigaudias ◽  
Alessandro Spina
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Data Breach ◽  
Supervisory Authority ◽  
Data Subject

Article 13(1)(b) (Information to be provided where personal data are collected from the data subject) (see too recitals 60–61); Article 14(1)(b) (Information to be provided where personal data have not been obtained from the data subject) (see too recital 61); Article 30 (Records of processing activities) (see too recital 82); Article 33 (Notification of a personal data breach to the supervisory authority) (see too recital 85); Article 35 (Data protection impact assessment) (see too recitals 90–91); Article 36 (Prior consultation) (see too recital 94); Article 37 (Designation of the Data Protection Officer) (see too recital 97); Article 39 (Tasks of the data protection officer) (see too recitals 77 and 97); Article 47 (Binding corporate rules) (see too recital 108); Article 52(1) (Independence of supervisory authorities) (see too recitals 117–118 and 120–121); Article 57 (Tasks of supervisory authorities) (see too recital 122); Article 69 (Independence of the EDPB) (see too recital 139).

Article 37 Designation of the data protection officer

2020 ◽  
Author(s):  
Cecilia Alvarez Rigaudias ◽  
Alessandro Spina
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Data Breach ◽  
Supervisory Authority

Article 30 (Records of processing activities) (see too recital 82); Article 33 (Notification of a personal data breach to the supervisory authority) (see too recital 85); Article 35 (Data protection impact assessment) (see too recitals 90–91); Article 36 (Prior consultation) (see too recital 94); Article 38 (Position of the data protection officer) (see too recital 97); Article 39 (Tasks of the data protection officer) (see too recitals 77 and 97).

scholarly journals Odpowiedzialność karna za utrudnianie i udaremnianie prowadzenia kontroli na gruncie ustawy o ochronie danych osobowych z dnia 10 maja 2018 r. Podstawowe zagadnienia karnoprawne

2020 ◽  
Vol 30 (4) ◽  
pp. 165-180
Author(s):  
Daria Sieradzka
Keyword(s):  
Comparative Analysis ◽  
Data Protection ◽  
Criminal Liability ◽  
Personal Data ◽  
Supervisory Authority ◽  
Personal Data Protection ◽  
Eu Legislation ◽  
Characteristic Features ◽  
The Eu ◽  
The Way

The paper analyses two provisions of the Act of 10 May 2018 on Personal Data Protection. It describes the structure and characteristic features of acts which obstruct or frustrate an inspection of compliance with personal data protection provisions. The paper emphasises the importance of powers held by a supervisory authority, the President of the Office for Personal Data Protection, especially in the context of the EU legislation. The article also gives examples of interrelationship between the controller and the entity that is controlled and discusses the way this impacts criminal liability. It presents a comparative analysis of the said provision alongside its analogous provision which is related to inspection carried out under Article 55 of the Act of 14 December 2018 on Personal Data Protection in Connection with Preventing and Fighting Crime. The final conclusions include some proposals for, inter alia, the analysis of problems noted by the Personal Data Protection Office while conducting control proceedings in the years 2018–2019.

Is There Anything Left of the Portuguese Law Implementing the GDPR?

2020 ◽  
pp. 125-139
Author(s):  
Graça Canto Moniz
Keyword(s):  
European Union ◽  
Data Processing ◽  
Data Protection ◽  
Legislative Process ◽  
European Union Law ◽  
General Data Protection Regulation ◽  
Supervisory Authority ◽  
General Data ◽  
The Law

The entry into force of the General Data Protection Regulation (GDPR) was expected to cause difficulties to data controllers and data processors mostly due to the practical consequences of the accountability principle and the role of risk. However, in Portugal, there were supplementary problems triggered by two events: the long legislative process of the national law implementing the GDPR and the decision of the national supervisory authority to disapply nine provisions of it. In August 2019, the Portuguese Parliament adopted the law implementing the GDPR, Law 58/2019, and one month later, the Portuguese supervisory authority, Comissão Nacional de Proteção de Dados, decided that nine articles of the recently adopted national law were incompatible with European Union Law. This chapter aims to address this chain of events, to understand the reasoning behind the decision of the Portuguese authority, and to tackle its practical consequences to day-to-day data-processing activities of data controllers and data processors. Overall, it also aims to evaluate what is left of the national piece of legislation after this decision.

Article 39 Tasks of the data protection officer

2020 ◽  
Author(s):  
Cecilia Alvarez Rigaudias ◽  
Alessandro Spina
Keyword(s):  
Impact Assessment ◽  
Data Protection ◽  
Personal Data ◽  
Data Breach ◽  
Supervisory Authority

Article 30 (Records of processing activities) (see too recital 82); Article 33 (Notification of a personal data breach to the supervisory authority) (see too recital 85); Article 35 (Data protection impact assessment) (see too recitals 90–91); Article 36 (Prior consultation) (see too recital 94); Article 37 (Designation of the data protection officer) (see too recital 97); Article 38 (Position of the data protection officer) (see too recital 97); Article 47 (Binding corporate rules) (see too recital 108); Article 57 (Tasks of supervisory authorities) (see too recital 122).

Sign in / Sign up

Export Citation Format

Share Document