scholarly journals An Exploration of Data Interoperability for GDPR

2018 ◽  
Vol 16 (1) ◽  
pp. 1-21 ◽  
Author(s):  
Harshvardhan J. Pandit ◽  
Christophe Debruyne ◽  
Declan O'Sullivan ◽  
Dave Lewis
Keyword(s):  
Personal Data ◽  
Use Case ◽  
Information Flows ◽  
Data Interoperability ◽  
General Data Protection Regulation ◽  
Data Formats ◽  
General Data ◽  
Strong Motivation ◽  
Data Portability ◽  
The Right

The General Data Protection Regulation (GDPR) specifies obligations that shape the way information is collected, shared, provided, or communicated, and provides rights for receiving a copy of their personal data in an interoperable format. The sharing of information between entities affected by GDPR provides a strong motivation towards the adoption of an interoperable model for the exchange of information and demonstration of compliance. This article explores such an interoperability model through entities identified by the GDPR and their information flows along with relevant obligations. The model categorises information exchanged between entities and presents a discussion on its representation using existing standards. An investigation of data provided under the Right to Data Portability for exploring interoperability in a real-world use-case. The findings demonstrate how the use of common data formats hamper its usability due to a lack of context. The article discusses the adoption of contextual metadata using a semantic model of interoperability to remedy these identified shortcomings.

scholarly journals Standardisation, Data Interoperability, and GDPR

2020 ◽  
pp. 199-225
Author(s):  
Harshvardhan Jitendra Pandit ◽  
Christophe Debruyne ◽  
Declan O'Sullivan ◽  
Dave Lewis
Keyword(s):  
Personal Data ◽  
Data Interoperability ◽  
General Data Protection Regulation ◽  
General Data ◽  
Data Portability ◽  
The Right ◽  
Machine Readable ◽  
The Given ◽  
Readable Format ◽  
Machine Readable Format

The General Data Protection Regulation (GDPR) has changed the ecosystem of services involving personal data and information. It emphasises several obligations and rights, amongst which the Right to Data Portability requires providing a copy of the given personal data in a commonly used, structured, and machine-readable format – for interoperability. The GDPR thus explicitly motivates the use and adoption of data interoperability concerning information. This chapter explores the entities and their interactions in the context of the GDPR to provide an information model for the development of interoperable services. The model categorises information and exchanges and explores existing standards and efforts towards use for interoperable interactions. The chapter concludes with an argument for the use and adoption of structured metadata to enable more expressive services through semantic interoperability.

scholarly journals The Right to Data Portability: conception, status quo, and future directions

2021 ◽  
Author(s):  
Sophie Kuebler-Wachendorff ◽  
Robert Luzsa ◽  
Johann Kranz ◽  
Stefan Mager ◽  
Emmanuel Syrmoudis ◽  
...  
Keyword(s):  
Service Providers ◽  
Personal Data ◽  
The European Union ◽  
Future Directions ◽  
General Data Protection Regulation ◽  
Digital Service ◽  
General Data ◽  
Data Portability ◽  
The One ◽  
The Right

AbstractFor almost three years, the General Data Protection Regulation (GDPR) has been granting citizens of the European Union the right to obtain personal data from companies and to transfer these data to another company. The so-called Right to Data Portability (RtDP) promises to significantly reduce switching costs for consumers in digital service markets, provided that its potential is effectively translated into reality. Thus, of all the consumer rights in the GDPR, the RtDP has the potential to be the one with the most significant implications for digital markets and privacy. However, our research shows that the RtDP is barely known among consumers and can currently only be implemented in a fragmented manner—especially with regard to the direct transfer of data between online service providers. We discuss several ways to improve the implementation of this right in the present article.

scholarly journals How Has the General Data Protection Regulation Changed the Routine of a Public Authority in Romania?

2020 ◽  
Vol 3 (1) ◽  
pp. 17
Author(s):  
Kajcsa Andrea
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Public Authorities ◽  
General Data Protection Regulation ◽  
General Data ◽  
Data Portability ◽  
The Right ◽  
The Impact ◽  
The Eu ◽  
Public Bodies

The changes that have been brought about by the General Data Protection Regulation starting with May 2018 are complex and ambitious. The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years, and it introduces many concepts that are yet to be fully discovered in practice, such as the right to be forgotten, data portability and data breach notification. This paper intends to analyze the main obligations that public bodies, particularly, have after the GDPR has entered into force, and to evaluate the impact this legislative act has on the routine activities carried out by public authorities in Romania. To reach our goal, we will make reference to the obligations that are specific to public administration authorities as well as to those that public bodies are exempted from. We will also analyze the national legislative measures adopted in Romania after GDPR started to be in force, and the degree to which these have particularized the way public bodies are allowed and obliged to process personal data in Romania.

scholarly journals Uchybienie przepisom o ochronie danych osobowych jako naruszenie dobra osobistego – analiza na przykładzie orzecznictwa Sądu Najwyższego

2019 ◽  
pp. 245-259
Author(s):  
Bernard Łukanko
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Right To Privacy ◽  
Professional Literature ◽  
General Data Protection Regulation ◽  
Personal Data Protection ◽  
The Right To Privacy ◽  
General Data ◽  
The Right ◽  
Personal Interests

The study is concerned with the issue of mutual relationship between the failure to comply with the laws on personal data protection and regulations relating to the protection of personal interests, including in particular the right to privacy. The article presents the views held by the Supreme Court with respect to the possibility of considering acts infringing upon the provisions of the Personal Data Protection Act of 1997 (after 24 May 2018) and of the General Data Protection Regulation (after 25 May 2018) as violation of personal interests, such as the right to privacy. The author shared the view of the case law stating that, if in specifc circumstances the processing of personal data violates the right to privacy, the party concerned may seek remedy on the grounds of Articles 23 and 24 of the Polish Civil Code. This position isalso relevant after the entry into force of the GDPR which, in a comprehensive and exhaustive manner, directly applicable in all Member States, regulates the issue of liability under civil law for infringements of the provisions of the Regulation, however, according to the position expressed in professional literature, it does not exclude the concurrence of claims and violation of the provisions on the protection of personal interests caused by a specifc event. In case of improper processing of personal data, the remedies available under domestic law on the protection of personal interests may be of particular importance outside the subject matter scope of the GDPR applicability. 

Dude, where's my data? The GDPR in practice, from a consumer's point of view

2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Hanne Sørum ◽  
Wanda Presthus
Keyword(s):  
Design Methodology ◽  
Point Of View ◽  
Consumer Market ◽  
Content Type ◽  
General Data Protection Regulation ◽  
General Data ◽  
Data Portability ◽  
The Right ◽  
Data Subject

PurposeThis paper investigates the European Union's General Data Protection Regulation (GDPR) in information systems (ISs). The GDPR consists of 99 articles, and two articles are emphasised – namely Article 15, which deals with rights of access by the data subject, and Article 20, which deals with the right to data portability.Design/methodology/approach15 companies operating in the Norwegian consumer market were randomly selected. Each company received an inquiry pertaining to rights of access by the data subject (Article 15) and the right to data portability (Article 20). The research team carefully analysed the answers received and categorised the responses according to the two articles emphasised.FindingsThe findings show extensive variations among the companies in terms of response time, quality of feedback and how companies handle requests concerning rights of access by the data subject (Article 15) and the right to data portability (Article 20). Differences are also pertaining to the types of files, along with the content of these files. It should be noted, however, that most of the companies replied to the inquiry before the deadline. The findings show that companies comply better with Article 20 than Article 15. However, it appears that they do not differentiate between the two articles.Originality/valueThis study explores a research topic that is relatively new. It addresses a gap in the extant research by highlighting how the GDPR works in practice from a consumer's perspective. In addition, guidelines are offered to the consumers and companies affected by the GDPR.

scholarly journals Can the Internet Forget? – Rhe Eight to be Forgotten in the EU Law and its Actual Impact on the Internet. Comparison of the Approaches Towards the Notion and Assessment of its Effectiveness

2020 ◽  
Vol 9 (1) ◽  
pp. 86-101
Author(s):  
Aleksandra Gebuza
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The Internet ◽  
Eu Law ◽  
General Data Protection Regulation ◽  
Actual Impact ◽  
Right To Be Forgotten ◽  
General Data ◽  
The Right ◽  
The Eu

AbstractThe main aim of the article is to provide analysis on the notion of the right to be forgotten developed by the CJEU in the ruling Google v. AEPD & Gonzalez and by the General Data Protection Regulation within the context of the processing of personal data on the Internet. The analysis provides the comparison of approach towards the notion between European and American jurisprudence and doctrine, in order to demonstrate the scale of difficulty in applying the concept in practice.

scholarly journals The General Data Protection Regulation in Plain Language

2020 ◽  
Author(s):  
Bart Sloot
Keyword(s):  
Data Protection ◽  
The European Union ◽  
Security Measures ◽  
Plain Language ◽  
Process Data ◽  
General Data Protection Regulation ◽  
General Data ◽  
Data Portability ◽  
Right To Information ◽  
The Right

The General Data Protection Regulation in Plain Language is a guide for anyone interested in the much-discussed rules of the GDPR. In this legislation, which came into force in 2018, the European Union meticulously describes what you can and cannot do with data about other people. Violating these rules can lead to a fine of up to 20 million euros. This book sets out the most important obligations of individuals and organisations that process data about others. These include taking technical security measures, carrying out an impact assessment and registering all data-processing procedures within an organisation. It also discusses the rights of citizens whose data are processed, such as the right to be forgotten, the right to information and the right to data portability.

PROTECTION OF THE RIGHT TO PRIVACY AT WORK IN THE PERIOD OF DYNAMICALLY DEVELOPING TECHNOLOGIES – TODAY AND TOMORROW

2018 ◽  
Vol 1 (XVIII) ◽  
pp. 335-353
Author(s):  
Weronika Kupny
Keyword(s):  
Privacy Protection ◽  
Technology Development ◽  
Personal Data ◽  
Right To Privacy ◽  
General Data Protection Regulation ◽  
The Right To Privacy ◽  
General Data ◽  
The Right ◽  
The Impact ◽  
Modern Technologies

The protection of the right to privacy is one of the basic human rights and as a fundamental subject in most modern laws. Legal systems extend the privacy protection instruments to a significant extent, but at the same time they find reasons to strongly interfere in this area. Certainly, the dynamic development of modern technologies does not help the legislator to find a comprehensive solution. The article deals with the subject of privacy protection in the employment relationship on the area of innovation, technology development. In this study, the author also compares the impact of the use of modern technologies in the workplace today – in the light of the applicable regulations and tomorrow – taking into account enactment of Regulation (EU) 2016/679 of European Parlliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealinf Directive 95/46/EC (General Data Protection Regulation).

From universal towards child-specific protection of the right to privacy online: Dilemmas in the EU General Data Protection Regulation

2017 ◽  
Vol 19 (5) ◽  
pp. 765-779 ◽  
Author(s):  
Milda Macenaite
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
Best Interests ◽  
Right To Privacy ◽  
General Data Protection Regulation ◽  
Average Child ◽  
The Right To Privacy ◽  
General Data ◽  
The Right ◽  
The Eu

The new European Union (EU) General Data Protection Regulation aims to adapt children’s right to privacy to the ‘digital age’. It explicitly recognizes that children deserve specific protection of their personal data, and introduces additional rights and safeguards for children. This article explores the dilemmas that the introduction of the child-tailored online privacy protection regime creates – the ‘empowerment versus protection’ and the ‘individualized versus average child’ dilemmas. It concludes that by favouring protection over the empowerment of children, the Regulation risks limiting children in their online opportunities, and by relying on the average child criteria, it fails to consider the evolving capacities and best interests of the child.

scholarly journals Data Portability and Data Control: Lessons for an Emerging Concept in EU Law

2018 ◽  
Vol 19 (6) ◽  
pp. 1359-1398 ◽  
Author(s):  
Inge Graef ◽  
Martin Husovec ◽  
Nadezhda Purtova
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
General Purpose ◽  
Current Data ◽  
Fundamental Rights ◽  
Eu Law ◽  
General Data Protection Regulation ◽  
Data Control ◽  
Data Portability ◽  
The Right

AbstractThe right to data portability (RtDP) introduced by Article 20 of the General Data Protection Regulation (GDPR) forms a regulatory innovation within EU law. The RtDP provides data subjects with the possibility to transfer personal data among data controllers, but has an impact beyond data protection. In particular, the RtDP facilitates the reuse of personal data that private companies hold by establishing a general-purpose control mechanism of horizontal application. Article 20 of the GDPR is agnostic about the type of use that follows from the ported data and its further diffusion. We argue that the RtDP does not fit well with the fundamental rights nature of data protection law, and should instead be seen as a new regulatory tool in EU law that aims to stimulate competition and innovation in data-driven markets.What remains unclear is the extent to which the RtDP will be limited in its aspirations where intellectual property rights of current data holders—such as copyright, trade secrets andsui generisdatabase rights—cause the regimes to clash. In such cases, a reconciliation of the interests might particularly confine the follow-on use of ported data again to specific set of socially justifiable purposes, possibly with schemes of fair remuneration. Despite these uncertainties, the RtDP is already being replicated in other fields, namely consumer protection law and the regulation of non-personal data. Competition law can also facilitate portability of data, but only for purpose-specific goals with the aim of addressing anticompetitive behavior.We conclude that to the extent that other regimes will try to replicate the RtDP, they should closely consider the nature of the resulting control and its breadth and impact on incentives to innovate. In any case, the creation of data portability regimes should not become an end in itself. With an increasing number of instruments, orchestrating the consistency of legal regimes within the Digital Single Market and their mutual interplay should become an equally important concern.

Sign in / Sign up

Export Citation Format

Share Document