Law and technology in data processing: Risk-based approach in EU data protection law and implementation challenges in Croatia

2017 ◽  
Author(s):  
Nina Gumzej
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Implementation Challenges ◽  
Law And Technology ◽  
Data Protection Law

Intelligente Systeme – Intelligentes Recht

2021 ◽  
Keyword(s):  
Intellectual Property ◽  
Data Protection ◽  
Law School ◽  
Law And Technology ◽  
The Face ◽  
Science Conference ◽  
Data Protection Law ◽  
Smart Technologies ◽  
Adaptive Technologies ◽  
The Relationship

The relationship between law and technology is becoming increasingly complex due to the rapid advance of digitization and the development of new and "smart" technologies. Traditional anthropocentric concepts of law seem to be in question. Moreover, the ways in which law is made and applied are changing. In the face of new and adaptive technologies, must law and its enforcement themselves become more adaptive, and how can this be done? In their contributions to the 6th GRUR Young Science conference, young scientists will address these questions from the perspective of intellectual property, media, competition, information and data protection law and will present their theses for discussion at the online conference organized at Bucerius Law School on June 4 and 5, 2021. With contributions by Dr. Jonas Botta, Dr. Michael Denga, Prof. Dr. Philipp Hacker, Dr. Elsa Kirchner, David Korb, David Linke, Janine Marinello, Ferdinand Müller, Stefan Papastefanou, Dr. Joachim Pierer, Darius Rostam, Martin Schüßler, Florian Skupin, Sebastian Theß and Nora Wienfort.

Generalklauseln im Datenschutzrecht

2021 ◽  
Vol 54 (1) ◽  
pp. 1-35
Author(s):  
Nikolaus Marsch ◽  
Timo Rademacher
Keyword(s):  
Data Processing ◽  
Data Protection ◽  
Personal Data ◽  
Constitutional Court ◽  
Sensitive Data ◽  
Public Authorities ◽  
Public Purpose ◽  
Basic Law ◽  
Data Protection Law ◽  
High Degree

German data protection laws all provide for provisions that allow public authorities to process personal data whenever this is ‘necessary’ for the respective authority to fulfil its tasks or, in the case of sensitive data in the meaning of art. 9 GDPR, if this is ‘absolutely necessary’. Therewith, in theory, data protection law provides for a high degree of administrative flexibility, e. g. to cope with unforeseen situations like the Coronavirus pandemic. However, these provisions, referred to in German doctrine as ‘Generalklauseln’ (general clauses or ‘catch-all’-provisions in English), are hardly used, as legal orthodoxy assumes that they are too vague to form a sufficiently clear legal basis for public purpose processing under the strict terms of the German fundamental right to informational self-determination (art. 2‍(1), 1‍(1) German Basic Law). As this orthodoxy appears to be supported by case law of the German Constitutional Court, legislators have dutifully reacted by creating a plethora of sector specific laws and provisions to enable data processing by public authorities. As a consequence, German administrative data protection law has become highly detailed and confusing, even for legal experts, therewith betraying the very purpose of legal clarity and foreseeability that scholars intended to foster by requiring ever more detailed legal bases. In our paper, we examine the reasons that underlie the German ‘ban’ on using the ‘Generalklauseln’. We conclude that the reasons do not justify the ban in general, but only in specific areas and/or processing situations such as security and criminal law. Finally, we list several arguments that do speak in favour of a more ‘daring’ approach when it comes to using the ‘Generalklauseln’ for public purpose data processing.

Surveillance in Public Spaces as a Means of Protecting Security

Cyber Crime ◽  
2013 ◽  
pp. 300-309
Author(s):  
Anna Tsiftsoglou
Keyword(s):  
Data Processing ◽  
Crime Prevention ◽  
Data Protection ◽  
Public Safety ◽  
Personal Data ◽  
Public Spaces ◽  
Security Measure ◽  
Data Protection Authority ◽  
Data Protection Law ◽  
Protection Authority

The Greek Data Protection Authority (DPA) was asked in July 2009 to review a proposed legislation that was exempting personal data processing via camera installations in public spaces from the scope of the Greek Data Protection Law 2472/1997. Such an exemption was justified, among other reasons, for the protection of public safety and crime prevention. This paper examines the legitimacy of this security measure from two angles: European and Greek Law. Furthermore, our analysis focuses on questions of privacy, the concept of public safety and its application, as well as the DPA’s role in safeguarding citizens’ privacy even in city streets.

Data Processing as an Abuse of Market Power in Multi-Sided Markets. The More Competition-Oriented Approach in the German Federal Supreme Court’s Interim Decision KVR 69/19 – Facebook

2021 ◽  
Author(s):  
Mark-Oliver Mackenrodt
Keyword(s):  
Data Processing ◽  
Supreme Court ◽  
Market Power ◽  
Data Protection ◽  
Competition Law ◽  
Competition Authority ◽  
Data Protection Law ◽  
Court Proceedings ◽  
The Relationship ◽  
Federal Supreme

Abstract The relationship between competition law and data protection law has been a highly controversial issue following the German Competition Authority’s (Bundeskartellamt, hereinafter ‘Competition Authority’) decision with regard to Facebook’s data processing policy. The Competition Authority’s theory of harm was centered around an exploitative abuse of market power through the imposition of a data processing policy which is in conflict with the data protection rules. In the interim court proceedings, the OLG Düsseldorf criticized the Competition Authority’s decision. The German Federal Supreme Court (Bundesgerichtshof, hereinafter ‘Federal Supreme Court’) upheld the Competition Authority’s decision. However, the Federal Supreme Court did not derive the exploitative abuse primarily from a mere violation of data protection law. Instead, the Court referred to the users’ lack of freedom of choice. The Court developed a modified theory of harm by identifying elements of an exploitative abuse but also of an exclusionary abuse. The Court’s line of argument is more competition-oriented and accounts for the particular economic features of multi-sided markets. In this line of reasoning, an actual violation of the data protection rules is not a necessary prerequisite for finding a violation of competition law.

Brazil's Data Protection Law

2021 ◽  
pp. 98-118
Author(s):  
Felipe Palhares
Keyword(s):  
European Union ◽  
Data Processing ◽  
Data Protection ◽  
The European Union ◽  
General Data Protection Regulation ◽  
Comprehensive Data ◽  
General Data ◽  
Data Protection Law ◽  
European Counterpart ◽  
Game Changer

After several years discussing the creation of a comprehensive data protection law, Brazil finally has its first law that specifically addresses this area -and that will be a game-changer on regulating data processing activities in the country and abroad – in force. Although Brazil's data protection law bears many similarities with the European Union General Data Protection Regulation, it also deviates from its European counterpart in several aspects. This chapter intends to provide an overview of the background relating to laws that carry privacy and data protection provisions in their core and to thoroughly analyze Brazil's new data protection law.

A Process-based Approach to Informational Privacy and the Case of Big Medical Data

2019 ◽  
Vol 20 (1) ◽  
pp. 257-290 ◽  
Author(s):  
Michael Birnhack
Keyword(s):  
Big Data ◽  
Data Processing ◽  
Human Dignity ◽  
Data Protection ◽  
Linear Logic ◽  
Personal Data ◽  
Medical Data ◽  
Informational Privacy ◽  
Ex Post ◽  
Data Protection Law

Abstract Data protection law has a linear logic, in that it purports to trace the lifecycle of personal data from creation to collection, processing, transfer, and ultimately its demise, and to regulate each step so as to promote the data subject’s control thereof. Big data defies this linear logic, in that it decontextualizes data from its original environment and conducts an algorithmic nonlinear mix, match, and mine analysis. Applying data protection law to the processing of big data does not work well, to say the least. This Article examines the case of big medical data. A survey of emerging research practices indicates that studies either ignore data protection law altogether or assume an ex post position, namely that because they are conducted after the data has already been created in the course of providing medical care, and they use de-identified data, they go under the radar of data protection law. These studies focus on the end-point of the lifecycle of big data: if sufficiently anonymous at publication, the previous steps are overlooked, on the claim that they enjoy immunity. I argue that this answer is too crude. To portray data protection law in its best light, we should view it as a process-based attempt to equip data subjects with some power to control personal data about them, in all phases of data processing. Such control reflects the underlying justification of data protection law as an implementation of human dignity. The process-based approach fits current legal practices and is justified by reflecting dignitarian conceptions of informational privacy.

Surveillance in Public Spaces as a Means of Protecting Security

2011 ◽  
pp. 93-102 ◽  
Author(s):  
Anna Tsiftsoglou
Keyword(s):  
Data Processing ◽  
Crime Prevention ◽  
Data Protection ◽  
Public Safety ◽  
Personal Data ◽  
Public Spaces ◽  
Security Measure ◽  
Data Protection Authority ◽  
Data Protection Law ◽  
Protection Authority

The Greek Data Protection Authority (DPA) was asked in July 2009 to review a proposed legislation that was exempting personal data processing via camera installations in public spaces from the scope of the Greek Data Protection Law 2472/1997. Such an exemption was justified, among other reasons, for the protection of public safety and crime prevention. This paper examines the legitimacy of this security measure from two angles: European and Greek Law. Furthermore, our analysis focuses on questions of privacy, the concept of public safety and its application, as well as the DPA’s role in safeguarding citizens’ privacy even in city streets.

Importance of Personal Data Protection Law for Commercial Air Transport

2017 ◽  
Vol 2017 (1) ◽  
pp. 35-44
Author(s):  
Dawid Zadura
Keyword(s):  
Data Protection ◽  
Public Information ◽  
Personal Data ◽  
Air Transport ◽  
Civil Aviation ◽  
Aviation Industry ◽  
Personal Data Protection ◽  
It Systems ◽  
Data Protection Law ◽  
The Law

Abstract In the review below the author presents a general overview of the selected contemporary legal issues related to the present growth of the aviation industry and the development of aviation technologies. The review is focused on the questions at the intersection of aviation law and personal data protection law. Massive processing of passenger data (Passenger Name Record, PNR) in IT systems is a daily activity for the contemporary aviation industry. Simultaneously, since the mid- 1990s we can observe the rapid growth of personal data protection law as a very new branch of the law. The importance of this new branch of the law for the aviation industry is however still questionable and unclear. This article includes the summary of the author’s own research conducted between 2011 and 2017, in particular his audits in LOT Polish Airlines (June 2011-April 2013) and Lublin Airport (July - September 2013) and the author’s analyses of public information shared by International Civil Aviation Organization (ICAO), International Air Transport Association (IATA), Association of European Airlines (AEA), Civil Aviation Authority (ULC) and (GIODO). The purpose of the author’s research was to determine the applicability of the implementation of technical and organizational measures established by personal data protection law in aviation industry entities.

Sign in / Sign up

Export Citation Format

Share Document