Your search keyword '"GENERAL Data Protection Regulation, 2016"' showing total 196 results

1. РЕАЛІЗАЦІЯ ПРАВА НА ЗАБУТТЯ У ОНЛАЙН-АРХІВАХ: ПРАКТИКА ЄСПЛ

Author

О. С., Яворська

Subjects

DATA protection, RIGHT of privacy, DIGITAL technology, GENERAL Data Protection Regulation, 2016, RIGHT to be forgotten, FREEDOM of expression, PERSONALLY identifiable information

Abstract

The article is devoted to the legal analysis of the development of the right to be forgotten in the digital age. The author analyses the features of the exercise of the right to be forgotten taking into account the practice of the ECHR. It is established that the right to be forgotten reflects the ability of an individual to demand the deletion or deactivation (de-indexing) of information, including personal data, its depersonalization or the application of other technical measures that limit access to certain information for a specific circle of users. It is proven that in Ukraine there is practically no legal regulation on the right to be forgotten, the exception is certain legislative provisions on the protection of personal data; in the EU countries the General Data Protection Regulation GDPR is in force, which regulates certain aspects of the right to be forgotten in the context of the exercise of the right to protection of personal data. It is established that archives serve as an important source of information about modern history, local events, therefore legally published information must remain in archives (including online archives) intact and complete. It is established that the ECtHR has repeatedly emphasized that national authorities should be particularly vigilant when considering requests based on respect for privacy to delete or modify the electronic version of an archived article, the legality of whic h was not questioned at the time of its first publication. It is proven that the practice of the ECtHR reflects the trends of recent years in prioritizing the protection of personal data in cases concerning the balance of the right to privacy of individuals and the right to freedom of the media, freedom of expression. It is proven that the practice of the ECtHR has updated the criteria that courts and data controllers must take into account in order to properly balance competing interests in cases concerning the exercise of the right to be forgotten in online archives, but a number of unresolved questions still remain: what should be done in cases where a person whose request for deletion was granted has decided to become a civil servant or public figure; on what grounds may the court choose an alternative measure to ensure the right to be forgotten (delisting or deindexing), and others. It is argued that the practice of the ECHR on the right to be forgotten is helpful in interpreting the content of the right to be for gotten, and the possibilities of its protection. [ABSTRACT FROM AUTHOR]

Published

2024

2. Data, digital markets, and the economic value of privacy.

Author

Zamparini, Luca

Subjects

*GENERAL Data Protection Regulation, 2016, *RIGHT of privacy, *VALUE (Economics), *MARKET value, *INTERNET marketing, *PERSONALLY identifiable information

Abstract

The paper considers the role that the development of digital markets has played on the economic value of privacy in the last decades. It first discusses the possible definitions of privacy by highlighting the high degree of heterogeneity. It then assesses the economic value of privacy and how it has been influenced by digital technologies, in terms of costs, benefits and externalities. The paper also examines the digital paradox, i.e. the dichotomy between privacy attitudes and privacy behavior. It then proposes a series of empirical findings on the value of digital privacy, by underscoring the high degree of contextuality of this measure. Lastly, the paper discusses the relevance of regulations, especially the General Data Protection Regulation by the EU and the California Privacy Rights Act, to meet the requirements of fair information practices and their economic effects. [ABSTRACT FROM AUTHOR]

Published

2024

3. THE PROTECTION OF SENSITIVE PERSONAL DATA AND PRIVACY IN THE US AND EU WITH A FOCUS ON HEALTH DATA CIRCULATING THROUGH HEALTH APPS.

Author

TURNŠEK, Ema and KRALJIĆ, Suzana

Subjects

*DATA protection, *DATA privacy, *GENERAL Data Protection Regulation, 2016, *DATA security failures, *PERSONALLY identifiable information, *RIGHT of privacy

Abstract

In today's modern world, we have more than one global actor leading the economy and rapid technological development. The article focuses specifically on the right to sensitive data protection, or more broadly the right to privacy, in American and in EU legal system. This paper shows distinctions between the two and systematically demonstrates the protection of personal data in EU through years. Exploring these distinctions and different interpretations of the right to data protection is significant, because of the potential impacts on the consumer in particular, possibly resulting in being granted different rights when acquiring services in the EU or America. We will also analyse the fundamental legal acts, which are the cornerstones of data privacy. As its main focus, the article will also examine the provisions concerning sensitive personal data, in particular health data. Furthermore, the article will study some specific concerns in connection to the American smart phone, smartwatch and computer health apps that are not fully compliant with basic EU legal principles, human rights or the General Data Protection Regulation. While the technology is so advanced and users may access these apps from anywhere across the world, such apps, and their privacy policies or other typical contracts, should comply with the relevant legislation, valid in the state of user's nationality or remaining. The paper examines and substantiates the latter through two recent cases. In one, data breaches were punished by imposing a relatively high fine, and in the other case example, no punitive action was yet taken. That being said, the article argues the insufficient data protection framework that does not necessarily provide a consumer with appropriate safeguards, which is especially relevant in cases of transmission of personal health data. [ABSTRACT FROM AUTHOR]

Published

2024

4. Metagenomic Sequencing for Early Detection of Future Engineered Pandemics: Foreshadowing the Privacy Challenge.

Author

Eyal, Nir, Williams, Bridget, Esvelt, Kevin M., and Bambauer, Jane

Subjects

HEALTH Insurance Portability & Accountability Act, RIGHT of privacy, PUBLIC health surveillance, GENERAL Data Protection Regulation, 2016, DATA privacy

Abstract

The article explores the use of metagenomic sequencing for early detection of potential engineered pandemics, emphasizing the importance of disease monitoring systems. It discusses concerns about privacy in metagenomic monitoring and the need to balance privacy protection with public health benefits. Legal challenges, public acceptability issues, and ethical considerations surrounding privacy tradeoffs in pandemic response are also addressed. The document includes references to bioethics, public health, and surveillance, as well as information on relevant laws and regulations like HIPAA and the General Data Protection Regulation. [Extracted from the article]

Published

2024

5. THE RIGHT TO BE FORGOTTEN REGARDING GENETIC DATA: A LEGAL AND ETHICAL ANALYSIS.

Author

Correia, Mónica, Rego, Guilhermina, and Nunes, Rui

Subjects

*RIGHT to be forgotten, *DATA privacy, *GENETIC privacy, *GENERAL Data Protection Regulation, 2016, *RIGHT of privacy

Abstract

This article investigates an under-discussed provision of the European Union's (EU's) General Data Protection Regulation (GDPR) regarding genetic data, i.e., the right to be forgotten. The debate on this right came from the commercerelated side of data protection instead of the medical side. Thus, this article addresses the implications of the RTBF for the lawful processing of familial genetic data. The article develops a normative, ethically focused principles argument about interpreting genetic data's right to be forgotten. It gives due consideration to autonomy, privacy, and human dignity. It argues that the individualistic approach of genetic privacy materialised through the extreme solution of data erasure is challenging to combine with familial and scientific research interests. The article suggests an interpretation of the GDPR according to bioethical principles and the inclusion of a specific exception regarding genetic data to prevent patients from claiming the right to be forgotten. [ABSTRACT FROM AUTHOR]

Published

2024

6. AS LEIS DE PROTEÇÃO DE DADOS E SUA APLICAÇÃO AO TREINAMENTO DE IA.

Author

Wesley Borges, Davi, Giammelaro Michelini, Henrique, Schultz Campos, Estevao, and Hollanda, Alciomar

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection laws, ARTIFICIAL intelligence, RIGHT of privacy, COMPARATIVE law

Abstract

Copyright of Revista Foco (Interdisciplinary Studies Journal) is the property of Revista Foco and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

7. "Senator ... I'm Singaporean!": Privacy Regulation and Data Transfers in Cross-Border Corporations.

Author

Norris, Michelle

Subjects

UNITED States-Mexico-Canada Agreement, GENERAL Data Protection Regulation, 2016, RIGHT of privacy, DATA privacy, CONGRESSIONAL hearings (U.S.)

Abstract

A recent congressional hearing involving social media companies, including TikTok and Facebook, made headlines when Senator Tom Cotton of Arkansas grilled the TikTok CEO, Shou Zi Chew, repeatedly asking him if he had ties to China or its Communist Party. The Singaporean CEO, who has served as TikTok's CEO since 2021, repeatedly replied, "Senator . . . I'm Singaporean!" While Senator Cotton, evoking McCarthy-era sentiments, was severely criticized for his racism and what appears to be a lack of understanding about corporate governance, another problem emerged. TikTok, which is a subsidiary of the Chinese-owned ByteDance, operates in countries around the world and stores its data in Malaysia, Singapore, and the United States. In today's global privacy landscape, each of these countries has differing privacy laws that, at times, conflict regarding how to handle and transfer data. The lack of consensus on how to store and transfer consumer data exposes corporations to the potential risk of hacking if proper oversight and precautions are not followed. Accordingly, with data becoming a new global currency for expanding businesses, governments must work together to find a solution that streamlines the handling, storage, and transfer of data. Using the United States-Mexico-Canada Agreement as a baseline to create a crossborder data transfer treaty, this Article proposes a multilateral agreement akin to the General Data Protection Regulation to protect consumer data and remove confusion about conflicts of law. [ABSTRACT FROM AUTHOR]

Published

2024

8. EL DERECHO FUNDAMENTAL DE PROTECCIÓN DE DATOS DE LOS TRABAJADORES Y EL IMPACTO DE LAS NUEVAS TECNOLOGÍAS EN ELÁMBITO LABORAL EN ESPAÑA.

Author

Martínez Cristóbal, Daniel

Subjects

DATA protection, DATA privacy, TECHNOLOGICAL innovations, RIGHT of privacy, GENERAL Data Protection Regulation, 2016, PERSONALLY identifiable information

Abstract

Copyright of Revista Opinião Jurídica is the property of Revista Opiniao Juridica and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

9. Putting Interests of Digital Nagriks First: Digital Personal Data Protection (DPDP) Act 2023 of India.

Author

Malhotra, Charru and Malhotra, Udbhav

Subjects

DATA protection, DATA privacy, GENERAL Data Protection Regulation, 2016, RIGHT of privacy, PERSONALLY identifiable information, DATA security laws

Abstract

The increasing application of artificial intelligence (AI) and the extensive collection, storage and analysis of personal data by service providers have heightened privacy concerns. To address unauthorised use and potential misuse of personal information, the Government of India introduced the Digital Personal Data Protection (DPDP) Act on 11 August 2023 aimed at enhancing the living standards of its digital citizens, termed as 'digital nagriks ' in this study. This research evaluates the DPDP Act's impact on digital nagriks across six sections, starting with an introduction to the necessity of privacy legislation and an overview of global privacy laws from countries like Singapore, the European Union and China. It then explores the origin and fundamental aspects of the DPDP Act, leveraging the literature to critically analyse its implications for privacy. The study presents observations on the Act's current state, recommends adjustments for balancing privacy with innovation and security and highlights the need for stronger enforcement mechanisms to protect digital nagriks effectively. It concludes that while the DPDP Act is a positive advancement, explicit exceptions in future regulations could further refine this balance. [ABSTRACT FROM AUTHOR]

Published

2024

10. Privacy and Democracy.

Author

Aisenberg, Michael A., Gellman, Robert, Joel, Alex, and Mok, Charles

Subjects

RIGHT of privacy, DATA protection laws, FREEDOM of Information Act (U.S.), GENERAL Data Protection Regulation, 2016, PERSONAL finance, DATA privacy, INTERNET privacy

Abstract

The article "Privacy and Democracy" discusses the relationship between privacy and democracy, focusing on the impact of information technology on privacy norms in 2024. It explores the role of Fair Information Practices (FIPs) in shaping privacy laws globally and the challenges of balancing privacy and national security in democracies. The article also highlights the importance of privacy as a civil liberty and the need for comprehensive privacy legislation to protect individual rights and democratic institutions. Additionally, it addresses the implications of technological advancements, such as AI and machine learning, on privacy and democracy, emphasizing the critical role of privacy in safeguarding democratic principles. [Extracted from the article]

Published

2024

11. Data revolutions and privacy scares.

Author

Cameron, Sophie

Subjects

DATA privacy, DATA protection laws, DATA protection, PERSONALLY identifiable information, RIGHT of privacy, GENERAL Data Protection Regulation, 2016

Published

2024

12. What Oil's History Reveals About AI's Future.

Author

Ferguson, Niall and Levin, John-clark

Subjects

GENERAL Data Protection Regulation, 2016, COMPUTER programming, RIGHT of privacy, ACCESS to archives, BUSINESSPEOPLE, PERSONALLY identifiable information

Abstract

The article discusses the current state and future prospects of artificial intelligence (AI). It addresses concerns that the AI bubble may burst, similar to previous technology bubbles, and questions whether AI can deliver long-term value like the internet has. The article argues that while some skeptics believe AI progress will hit a brick wall due to a lack of data, historical evidence suggests otherwise. It explains that data, like oil, varies in difficulty and cost of extraction, and while some data is readily available, a significant amount remains inaccessible. The article concludes that as AI advances, the industry will drill for more expensive data sources, and competition for high-quality data may impact superpower politics. However, advancements in synthetic data generation and self-play techniques may reduce the industry's reliance on massive amounts of data in the future. [Extracted from the article]

Published

2024

13. POTENTIAL CONFLICTS IN PERSONAL DATA PROTECTION UNDER CURRENT LEGISLATION IN VIETNAM COMPARED WITH EUROPEAN GENERAL DATA PROTECTION REGULATION.

Author

Hoa Thanh Ha and Tuan Van Vu

Subjects

DATA protection, GENERAL Data Protection Regulation, 2016, DATA privacy, RIGHT of privacy, LEGISLATIVE hearings, PERSONALLY identifiable information

Abstract

Background: Transatlantic data transfers are a critical component of the global digital economy, facilitating commerce and communication among countries worldwide. However, these transfers have been fraught with legal and regulatory challenges, particularly concerning protecting personal data due to the lack of a comprehensive global privacy law. Methods: This comparative, descriptive study exploits secondary resources by comparing and contrasting the principles of the European General Data Protection Regulation and the new Decree on personal data protection in Vietnam to provide deep insights into the differences between them. Results and Conclusions: Although the Decree takes advantage of many of the European General Data Protection Regulation's principles, i.e., the rights of data subjects, consent requirements, and the need for impact assessments, it has its provisions specific to the Vietnamese context, such as the absence of "legitimate interests" as a legal basis for processing and the unique enforcement mechanisms. Despite many similarities, the specific requirements around consent, data subject rights, breach notification, extraterritorial data transfers, and enforcement mechanisms might result in conflicts among these legislative documents. The Decree, which would become more effective, shall rely on its enforcement mechanisms and the ability to impose meaningful sanctions for non-compliance; thus, it should incorporate a more detailed sanctions regime to deter violations effectively. [ABSTRACT FROM AUTHOR]

Published

2024

14. Five years with the GDPR: an empirical study emphasising information privacy and the consumer.

Author

Presthus, Wanda and Sørum, Hanne

Subjects

GENERAL Data Protection Regulation, 2016, DATA privacy, RIGHT of privacy, INTERNET privacy, RESEARCH questions, DIFFUSION of innovations theory

Abstract

Consumers' privacy rights have been enshrined in law, long before information systems and the Internet was brought to life. In 2018, stricter regulations relating to information privacy came into force, named the General Data Protection Regulation (GDPR). Using elements of Roger's diffusion of innovations theory, we investigated the research question: How has five years of the GDPR influenced consumer's knowledge, attitude, and practice of their enhanced rights? We draw on empirical data collected in Norway through four online survey questionnaires over five years (N=1293). Quantitative (descriptive statistics) and qualitative analyses (manual cluster text mining) were performed to obtain a state-of-the-art mapping of insights on consumers and their information privacy. Our findings show that the respondents' answers remained similar over the years, and that the GDPR has not had a significant influence on the consumer. The respondents demonstrated a high degree of knowledge regarding both the regulation and technology, such as cookies. Their attitude was sceptical, as they valued their enhanced rights but questioned the feasibility. Regarding their practice, our findings reveal diversity. Some respondents took careful actions to protect their privacy, while most did not. The present paper should be interesting to both the industry (practitioners) and academia (researchers). [ABSTRACT FROM AUTHOR]

Published

2024

15. Beschäftigtendatenschutz im Zusammenhang mit KI-Anwendungen.

Author

Klocker, Sebastian

Subjects

DATA protection, GENERAL Data Protection Regulation, 2016, WORKERS' rights, RIGHT of privacy, ARTIFICIAL intelligence

Abstract

Copyright of Kurswechsel is the property of Beirat fur gesellschafts-wirtschafts-und umweltpolitische Alternativen (BEIGEWUM) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

16. MURKY CONSENT: AN APPROACH TO THE FICTIONS OF CONSENT IN PRIVACY LAW.

Author

SOLOVE, DANIEL J.

Subjects

*RIGHT of privacy, *ACQUISITION of data, *INFORMATION storage & retrieval systems, *GENERAL Data Protection Regulation, 2016, *DATA protection laws

Abstract

Consent plays a profound role in nearly all privacy laws. As Professor Heidi Hurd aptly said, consent works "moral magic"--it transforms things that would be illegal and immoral into lawful and legitimate activities. As to privacy, consent authorizes and legitimizes a wide range of data collection and processing. There are generally two approaches to consent in privacy law. In the United States, the notice-and-choice approach predominates: organizations post a notice of their privacy practices and people are deemed to consent if they continue to do business with the organization or fail to opt out. In the European Union, the General Data Protection Regulation ("GDPR") uses the express consent approach, where people must voluntarily and affirmatively consent. Both approaches fail. The evidence of actual consent is nonexistent under the notice-and-choice approach. Individuals are often pressured or manipulated, undermining the validity of their consent. The express consent approach also suffers from these problems--people are ill-equipped to decide about their privacy, and even experts cannot fully understand what algorithms will do with personal data. Express consent also is highly impractical; it inundates individuals with consent requests from thousands of organizations. Express consent cannot scale. In this Article, I contend that most of the time, privacy consent is fictitious. Privacy law should take a new approach to consent that I call "murky consent." Traditionally, consent has been binary--an on/off switch--but murky consent exists in the shadowy middle ground between full consent and no consent. Murky consent embraces the fact that consent in privacy is largely a set of fictions and is at best highly dubious. Because it conceptualizes consent as mostly fictional, murky consent recognizes its lack of legitimacy. To return to Hurd's analogy, murky consent is consent without magic. Rather than provide extensive legitimacy and power, murky consent should authorize only a very restricted and weak license to use data. Murky consent should be subject to extensive regulatory oversight with an ever-present risk that it could be deemed invalid. Murky consent should rest on shaky ground. Because the law pretends people are consenting, the law's goal should be to ensure that what people are consenting to is good. Doing so promotes the integrity of the fictions of consent. I propose four duties to achieve this end: (1) duty to obtain consent appropriately; (2) duty to avoid thwarting reasonable expectations; (3) duty of loyalty; and (4) duty to avoid unreasonable risk. The law can't make the tale of privacy consent less fictional, but with these duties, the law can ensure the story ends well. [ABSTRACT FROM AUTHOR]

Published

2024

17. Building bridges in the data jungle: A path to global trust: With India's evolving data laws, certification mechanisms like CBPR offer businesses a competitive edge while fostering trusted cross-border data flows.

Author

BHATTACHARYA, JAIJIT and RAI, RITVIK

Subjects

DATA privacy, DATA protection, GENERAL Data Protection Regulation, 2016, RIGHT of privacy, DATA protection laws

Published

2024

18. Data, Privacy Laws and Firm Production: Evidence from the GDPR.

Author

Demirer, Mert, Hernández, Diego J. Jiménez, Dean Li, and Peng, Sida

Subjects

GENERAL Data Protection Regulation, 2016, RIGHT of privacy, INFORMATION technology

Abstract

By regulating how firms collect, store, and use data, privacy laws may change the role of data in production and alter firm demand for information technology inputs. We study how firms respond to privacy laws in the context of the EU's General Data Protection Regulation (GDPR) by using seven years of data from a large global cloud-computing provider. Our difference-indifference estimates indicate that, in response to the GDPR, EU firms decreased data storage by 26% and data processing by 15% relative to comparable US firms, becoming less "dataintensive." To estimate the costs of the GDPR for firms, we propose and estimate a production function where data and computation serve as inputs to the production of "information." We find that data and computation are strong complements in production and that firm responses are consistent with the GDPR, representing a 20% increase in the cost of data on average. Variation in the firm-level effects of the GDPR and industry-level exposure to data, however, drives significant heterogeneity in our estimates of the impact of the GDPR on production costs. [ABSTRACT FROM AUTHOR]

Published

2024

19. EVROPSKA REGULACIJA ZAŠTITE PODATAKA NA INTERNETU.

Author

Vojisavljević, Marija

Subjects

EUROPEAN Convention on Human Rights, DATA protection, PERSONALLY identifiable information, DATA privacy, GENERAL Data Protection Regulation, 2016, RIGHT of privacy

Abstract

Copyright of Eudaimonia - Journal for Legal, Political & Social Theory & Philosophy is the property of University of Belgrade, Faculty of Law and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

20. Practitioners' Corner ∙ How Effectively Do Consent Notices Inform Users About the Risks to Their Fundamental Rights?

Author

Grassl, Paul, Gerber, Nina, and von Grafenstein, Max

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection laws, RIGHT of privacy, CONSENT (Law), CIVIL rights

Abstract

The article focuses on the prevalence of consent notices on websites following the implementation of legal regulations like the GDPR, raising questions about their effectiveness in informing users about privacy risks. Topics include the criticism of the 'notice and consent' system, challenges in users' understanding of data transactions, and proposing an interdisciplinary methodology to assess the effectiveness of consent notices in informing users about risks to their fundamental rights.

Published

2024

21. The Rise of the Neuroslave: Is the EU Normative Framework Fit to Grant Protection Against the Employers Accessing the Worker's Mental States?

Author

Sosa Navarro, Marta

Subjects

EMPLOYERS, WORK environment, RIGHT of privacy, WORKERS' rights, GENERAL Data Protection Regulation, 2016

Abstract

Are employers allowed under EU law to use brain data as part of the growing trend of workplace surveillance? And if so, how should this be regulated to ensure full respect of labour rights? What role does the workers' consent play in this context? Through the examination of the legal protection offered to mental data by the GDPR and the potential of the opening clause enshrined in its Article 88 as a tool to protect workers from neurosurveillance, this paper aims to answer some of these questions. Ultimately, through the combined analysis of scholarly writings, data protection and labour legislation adopted in EU Member States and the relevant ECtHR and CJUE case-law, this work provides the basis for a broader discussion on whether the legal safeguards currently in force are sufficient to grant protection against the employers accessing workers' mental states. [ABSTRACT FROM AUTHOR]

Published

2024

22. Shedding Light on the Inadequate Protection of Internet Users' Right to Privacy under Kuwaiti Law.

Author

Almutairi, Noura Hezam

Subjects

DATA privacy, RIGHT of privacy, GENERAL Data Protection Regulation, 2016, DIGITAL technology, DATA protection laws, TELECOMMUNICATION

Abstract

Digital technology such as AI has enabled private companies to collect and analyse people's personal information, which may infer hidden private data about the individual, such as medical data or psychological state. The inferred private information can be sold to third parties or used to target advertisements without the individual's knowledge and explicit consent. Private companies, therefore, pose a risk to internet users' right to privacy in the digital world. As such, the legal system should have a comprehensive Data Privacy law that provides internet users with adequate legal protection for preserving their right to privacy against private companies. Still, Kuwait lacks comprehensive Data Privacy. The only two data privacy mechanisms are embodied in chapter 7 under the Electronic Transaction Act (ETA) No. 20 of 2014 and the Regulation of User Protection and Privacy issued by the Communication and Information Technology Regulatory Authority (CITRA). This paper finds that the fragmented Kuwaiti laws concerning the individual's right to privacy inadequately protect internet users' right to privacy against the risk posed by private companies, and therefore, legislative interventions are needed. This paper concludes with proposing essential recommendations for the Kuwaiti Legislative Authority to issue a comprehensive data privacy law, using European Union's General Data Protection Regulation as a guidance framework (GDPR), to strengthen internet users' right to privacy (as control over their personal information) against the risk private companies pose. [ABSTRACT FROM AUTHOR]

Published

2024

23. ETHICAL IMPLICATIONS AND HUMAN RIGHTS VIOLATIONS IN THE AGE OF ARTIFICIAL INTELLIGENCE.

Author

HOXHAJ, Oljana, HALILAJ, Belinda, and HARIZI, Ardi

Subjects

*HUMAN rights violations, *ARTIFICIAL intelligence, *GENERAL Data Protection Regulation, 2016, *RIGHT of privacy, *DATA privacy, *TECHNOLOGICAL innovations, *INTERNET privacy

Abstract

In an era marked by technological advancements, the proliferation of Artificial Intelligence (AI) systems has ushered in a new wave of possibilities and challenges, deeply interwoven with the stringent legal framework established by the General Data Protection Regulation (GDPR) within the European Union. This research paper adopts a multidisciplinary approach, encompassing theoretical analysis, ethical frameworks, and empirical case studies. By scrutinizing real-world AI applications across various domains, we aim to provide a nuanced understanding of the ethical implications and societal ramifications of AI's integration into our lives, while meticulously adhering to the GDPR's data protection and privacy provisions. The GDPR's principles of lawfulness, fairness, transparency, and data minimization serve as ethical benchmarks, ensuring that AI applications respect individual privacy and data protection rights. We delve into the GDPR's provisions concerning automated decision-making, profiling, and data subject rights, elucidating their pivotal role in upholding human rights in the context of AI's burgeoning influence. Our inquiry underscores the urgency of adopting a responsible and GDPR-compliant approach to AI development and deployment. By emphasizing the need for ethical guidelines and regulatory measures, we advocate for the safeguarding of human rights and dignity within the AI-driven world. It is within this nexus of ethical considerations and legal imperatives, particularly those set forth by the GDPR, that the profound impact of AI on human rights and dignity is unveiled. Our research contributes to the ongoing discourse and provides a roadmap toward a future where AI aligns harmoniously with the robust privacy and data protection standards mandated by European privacy laws, ensuring the preservation of individual rights in the digital age. [ABSTRACT FROM AUTHOR]

Published

2023

24. Blockchain, Legal Interpretation, and Contextuality as Tools to Establish Privacy and Fundamental Rights Protection Amid Geopolitical and Legal Uncertainty.

Author

Blandino, Pierangelo

Subjects

*RIGHT of privacy, *CIVIL rights, *DATA privacy, *GENERAL Data Protection Regulation, 2016, *BLOCKCHAINS, *PERSONALLY identifiable information

Abstract

This summary explores the degree of rights' protection when it comes to States forms of surveillance under a concise legal comparative outline. Given today's interdependence put into being first by Global Governance patterns and then by exchange on platforms, attention will be drawn to the Chinese Personal Information Protection Law (PIPL), American Clarifying Lawful Overseas Use of Data Act (Cloud Act) and the EU General Data Protection Regulation (GDPR), along with the recently adopted Data Privacy Framework (DPF). At a second stage, new possible techniques are considered to properly tackle these unprecedented changes that challenge traditional legal patterns. [ABSTRACT FROM AUTHOR]

Published

2023

25. An Analytical Review of Industrial Privacy Frameworks and Regulations for Organisational Data Sharing.

Author

Ghorashi, Seyed Ramin, Zia, Tanveer, Bewong, Michael, and Jiang, Yinhao

Subjects

INFORMATION sharing, GENERAL Data Protection Regulation, 2016, DATA protection, RIGHT of privacy, PRIVACY

Abstract

This study examines the privacy protection challenges in data sharing between organisations and third-party entities, focusing on changing collaborations in the digital age. Utilising a mixed-method approach, we categorise data-sharing practices into three business models, each with unique privacy concerns. The research reviews legal regulations like the General Data Protection Regulation (GDPR), highlighting their emphasis on user privacy protection but noting a lack of specific technical guidance. In contrast, industrial privacy frameworks such as NIST and Five Safes are explored for their comprehensive procedural and technical guidance, bridging the gap between legal mandates and practical applications. A key component of this study is the analysis of the Facebook–Cambridge Analytica data breach, which illustrates the significant privacy violations and their wider implications. This case study demonstrates how the principles of the NIST and Five Safes frameworks can effectively mitigate privacy risks, enhancing transparency and accountability in data sharing. Our findings highlight the dynamic nature of data sharing and the vital role of both privacy regulations and industry-specific frameworks in protecting individual privacy rights. This study contributes insights into the development of robust privacy strategies, highlighting the necessity of integrating comprehensive privacy frameworks into organisational practices for improved decision making, operational efficiency, and privacy protection in collaborative data environments. [ABSTRACT FROM AUTHOR]

Published

2023

26. Conducting a Data Protection Impact Assessment in Health Science: A Comprehensive Guide.

Author

Corrales Compagnucci, Marcelo, Dahi, Alan, and Alexander Earls Davis, Peter

Subjects

HEALTH impact assessment, DATA protection, GENERAL Data Protection Regulation, 2016, RIGHT of privacy, SCIENCE projects

Abstract

This article provides a guide to conducting a data protection impact assessment (DPIA) for data sharing within health science research. Given the sensitivity of data in health sciences, a DPIA is vital to ensure adherence to data protection regulations and safeguard individual rights and privacy. This guide outlines the core components of a DPIA, including defining its purpose and scope, evaluating the necessity of data processing activities, gauging potential risks, and strategizing effective risk mitigation. By demystifying the DPIA process, this article empowers researchers and stakeholders to execute responsible and ethical data practices in line with the General Data Protection Regulation (GDPR) standards. Additionally, it offers practical examples, tools and resources to enhance the efficiency of conducting DPIAs in health science projects. [ABSTRACT FROM AUTHOR]

Published

2023

27. THE GREAT REGULATORY DODGE.

Author

Nissenbaum, Helen, Strandburg, Katherine, and Viljoen, Salomé

Subjects

*RIGHT of privacy, *GENERAL Data Protection Regulation, 2016, *CONSUMER contracts, *CONSUMER law, *PRIVACY, *DATA protection laws, *HEALTH Insurance Portability & Accountability Act

Abstract

U.S. privacy law is in a renewed moment of regulatory possibility, with both Congress and the states considering sweeping consumer privacy laws. These new proposals to enact "omnibus" privacy protections could be couched as an antidote to the current U.S. privacy regime: a patchwork of sectoral privacy laws stitched atop the background of FTC consumer contract enforcement. However, this Essay maintains that a one-size-fits-all approach cannot successfully capture both privacy's value and its variability. Yet, it is clearly the case that the present- day sectoral regime in the United States suffers from significant shortcomings. These shortcomings allow behaviors that seem clearly to violate privacy to flourish, effectively gouging meaningful oversight from sectoral privacy laws. We call these "regulatory dodges." Understanding and addressing these dodges is essential to preserving the value of contextual privacy protection. We first focus on specific health (the Health Insurance Portability and Accountability Act of 19961 ("HIPAA")) and financial (the Gramm-Leach-Bliley Act2 ("GLBA")) privacy regulations to elucidate two illustrative types of regulatory dodges. We then use the General Data Protection Regulation ("GDPR") and the California Consumer Privacy Act3 ("CCPA") (as amended by the Consumer Privacy Rights Act) to illustrate why omnibus regulation may not solve these problems. We conclude with proposals for designing more contextually sensitive, gap-free privacy law. [ABSTRACT FROM AUTHOR]

Published

2023

28. Access Control Management System for Edge Computing Environment Using Tag‐Based Matching and Cache Injection.

Author

Shimahara, Shogo, Nohara, Masato, and Nishi, Hiroaki

Subjects

*ACCESS control, *EDGE computing, *GENERAL Data Protection Regulation, 2016, *COMPUTER systems, *RIGHT of privacy, *DATA protection laws

Abstract

With increasing attention to the secondary use of data, privacy protection laws such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) have come into force to protect residents from unauthorized exploitation of personal data. Flow management is an effective method to track the distribution of user data in a multi‐domain network environment. Transparency in the relationship between data and service providers is essential to track the status of data provision. Vendor and Consumer Relationship Management (VCRM) manages this relationship by regulating relevant flow information. VCRM is expected to collaborate with the edge‐computing environment in the management of regional unit flow, wherein all access to personal user data should be restricted in accordance with the stakeholders' requests. Accordingly, this study proposes a packet processing function that collaborates with VCRM to manage the access control of flows passing through a regional network. Moreover, this paper proposes methods to reduce packet processing time on the switch, and requests to the switch controller. Using tag‐based matching and cache injection methods, the number of requests to the controller decreased to 33.4% of the original figure. Our proposed method also reduces the total processing time on flow management switches in the network environment in the analysis of encrypted TCP streams such as HTTP over TLS and MQTT over TLS. © 2023 Institute of Electrical Engineer of Japan and Wiley Periodicals LLC. [ABSTRACT FROM AUTHOR]

Published

2023

29. The significance of general data protection regulation in the compliant data contribution to the European Society of Thoracic Surgeons database.

Author

Bertolaccini, Luca, Falcoz, Pierre-Emmanuel, Brunelli, Alessandro, Batirel, Hasan, Furak, Jozsef, Passani, Stefano, and Szanto, Zalan

Subjects

*GENERAL Data Protection Regulation, 2016, *DATABASES, *DATA protection, *RIGHT of privacy, *DATA management

Abstract

Open in new tab Download slide The General Data Protection Regulation (GDPR), enacted in the European Union in 2018, has significantly transformed the landscape of personal data management and protection. This article provides an overview of GDPR's impact, focusing on its applicability, fundamental principles and influence on data management practices, particularly within the European Society of Thoracic Surgeons (ESTS) database. GDPR's reach extends to all entities collecting and processing personal data of European Union residents, regardless of their location. It encompasses various data types, emphasizing meticulous handling and protection of identifiable information. Special categories of data, such as health and sensitive attributes, require even more stringent protection. The regulation sets legal, fair and transparent data processing principles, emphasizing accuracy, purpose limitation and data minimization. It also stresses accountability, leading to the appointment of Data Protection Officers and significant penalties for non-compliance. The ESTS database, designed to enhance thoracic surgical research and care, collects data on European procedures. It follows GDPR principles by pseudonymizing data, ensuring secure data transmission and providing clear instructions for data submission. The database contributes to research, policymaking and practice improvement in thoracic surgery by offering a comprehensive dataset for analysis. Here, we aim to shed light on the complexities of GDPR implementation and emphasize the need for comprehensive data management strategies to ensure compliance and enhance privacy protection with the contribution to the ESTS database. GDPR compliance comes with challenges, including potential human dignity and privacy rights violations. Data breaches can result in unauthorized disclosures, and non-compliance can lead to substantial fines and reputational damage. The implementation of GDPR encourages organizations to prioritize ethical data practices, security measures and transparent data handling. In conclusion, GDPR has revolutionized personal data protection by emphasizing accountability, transparency and individual rights. It has impacted organizations globally, promoting responsible data management practices. Adhering to GDPR ensures privacy protection, trust-building and overall enhancement of data management in today's data-driven environment. [ABSTRACT FROM AUTHOR]

Published

2023

30. DATA PROTECTION AND PRIVACY AS A FUNDAMENTAL RIGHT: A COMPARATIVE STUDY OF BRAZIL AND INDIA.

Author

Campanha Santana, Paulo and Ansari, Faiz Ayat

Subjects

DATA privacy, RIGHT of privacy, PERSONALLY identifiable information, CIVIL rights, GENERAL Data Protection Regulation, 2016, FREEDOM of expression

Abstract

This paper aimed to analyze how Brazil and India faced the challenge of a large amount of personal information being exchanged, stored, and analyzed. The relevance lies in the fact that data protection and privacy were concepts discussed almost everywhere in the world since the era of Big Data highlighted the challenge of protecting these fundamental rights. Therefore, the research problem was to analyze to what extent these countries effectively faced the challenge presented. The methodology used was exploratory and hypothetical-deductive. As a result, it was identified that the rights to privacy and personal data were not absolute and had to be balanced with other social interests, such as public security, law enforcement, and freedom of expression. It was concluded that inspired by international standards on the subject, such as the Universal Declaration of Human Rights (UDHR), the International Covenant on Civil and Political Rights (ICCPR), and the General Data Protection Regulation (GDPR) of the European Union, both countries had legislative protection over these rights and a framework to address them. The legislation provided fundamental principles, but only time will show their effectiveness. [ABSTRACT FROM AUTHOR]

Published

2023

31. The Rights to Privacy and Data Protection in Times of Armed Conflict.

Subjects

*DATA protection laws, *WAR, *DATA privacy, *RIGHT of privacy, *DATA protection, *GENERAL Data Protection Regulation, 2016

Published

2023

32. Privacy Rights and Data Security: GDPR and Personal Data Markets.

Author

Ke, T. Tony and Sudhir, K.

Subjects

RIGHT of privacy, DATA privacy, PRICE discrimination, DATA security, PERSONALLY identifiable information, GENERAL Data Protection Regulation, 2016, DATA security insurance

Abstract

General Data Protection Regulation (GDPR)—the European Union's data protection regulation—has two key principles. It recognizes that individuals own and control their personal (but not contractual) data in perpetuity, leading to three critical privacy rights, namely, the rights to (i) explicit consent (data opt-in), (ii) to be forgotten (data erasure), and (iii) portability (data transfer). It also includes data security mandates against privacy breaches through unauthorized access. We study GDPR's equilibrium impact by including these features in a dynamic two-period model of forward-looking firms and consumers. Firms collect consumer data for personalization and price discrimination. Consumers trade off gains from personalization relative to potential losses from privacy breaches and price discrimination in their purchase, data opt-in, erasure, and transfer decisions. Though data security mandates impose fines on firms for privacy breaches, firms can benefit from higher opt-in given lower breach risk. Surprisingly, data security mandates can hurt consumers. The effect of privacy rights is nuanced. Since the right to opt in separates goods exchange from the provision of personal data, it prevents market failure under high breach risk. But it also reduces consumer opt-in and personal data availability. Erasure and portability rights reduce consumers' hold-up concerns by disciplining firms to provide ongoing value by limiting price discrimination and not slacking off on data security; but they also reduce the incentive to offer lower initial prices that encourages opt-in. Overall, privacy rights always benefit consumers in competitive markets, but they can surprisingly hurt consumers under monopoly, as monopolists have less incentives to subsidize consumer opt-in. They raise (reduce) firm profit and social welfare when breach risk is high (low). Finally, privacy rights increase firm profit most at moderate levels of data transferability. This paper was accepted by Dmitri Kuksov, marketing. Funding: T. T. Ke acknowledges financial support from the General Research Fund of the Hong Kong Research Grants Council [Grant 14500421]. Supplemental Material: The e-companion is available at https://doi.org/10.1287/mnsc.2022.4614. [ABSTRACT FROM AUTHOR]

Published

2023

33. Personal Data as Consideration.

Author

Dudás, Gábor János, Kovács, András György, and Schultz, Márton

Subjects

SOFT law, PERSONALLY identifiable information, GENERAL Data Protection Regulation, 2016, INTELLECTUAL property, RIGHT of publicity, RIGHT of privacy

Abstract

This article argues that personal data may have a commercial value in the European legal systems, and as such it can function as a consideration and has a quid pro quo character. It claims that the European Data Protection Board (EDPB) should not exclude that data concerning the data subject can be used as contractual consideration, especially in the world of the Internet. In particular, it cannot be excluded solely on the basis that the right to privacy is not transferable, a position taken thus far in the EDPB's practice. This proposed new approach is supported by the fact that in some EU Member States the property aspects of the general right of personality have been recognized, a stance which may also apply to personal data, without the need to recognize a kind of data ownership or sui generis intellectual property right in the data. Thus, the theory of commercial aspects of personality rights can be linked to the commercial value of personal data. The quid pro quo function of personal data may also be recognized in line with the provisions of the General Data Protection Regulation (GDPR). In fact, maintaining the interpretation of the EDPB - which denies the quid pro quo character of personal data from a fundamental rights perspective - means that the dangers of such data processing cannot be assessed. This affects cultural heritage in many aspects - from the sending of newsletters to selling merchandise products in museums. The EDPB's guidelines, as soft law, have no direct impact on the case-law of the national courts, thus this also significantly increases the risk of a collision between the simultaneously available remedy regimes established by the GDPR. [ABSTRACT FROM AUTHOR]

Published

2023

34. The data trap.

Author

Falkenmire, Ben

Subjects

DATA privacy, DATA protection, DATA protection laws, RIGHT of privacy, CUSTOMER retention, GENERAL Data Protection Regulation, 2016

Published

2023

35. Digital Privacy: GDPR and Its Lessons for Australia.

Author

Das Chaudhury, Ratul and Choe, Chongwoo

Subjects

DATA privacy, RIGHT of privacy, DIGITAL technology, GENERAL Data Protection Regulation, 2016, DATA protection laws, HIGH technology industries

Abstract

Australia's Privacy Act 1988 is under review with a view to bringing Australia's privacy laws into the digital era, more in line with the European Union's General Data Protection Regulation (GDPR). This article discusses how the GDPR can be refined and standardised to be more effective in protecting privacy in the digital era while not adversely affecting the digital economy that relies heavily on data. We argue that an ideal data policy should be informative and transparent about potential privacy costs while giving consumers a menu of opt‐in choices into which they can self‐select. [ABSTRACT FROM AUTHOR]

Published

2023

36. Consumer Preferences for Privacy Management Systems.

Author

Hanneke, Björn, Baum, Lorenz, Schlereth, Christian, and Hinz, Oliver

Subjects

GENERAL Data Protection Regulation, 2016, DISCRETE choice models, CONSUMER preferences, CONSUMER behavior, RIGHT of privacy

Abstract

This work presents insights into consumer preferences regarding Privacy Management Systems in the context of the General Data Protection Regulation (GDPR). The authors perform a Choice-Based Conjoint experiment with consumers (n = 589) to elicit preferences over four attributes and compute usage likelihoods for all product configurations. Results show that data sharing for marketing purposes and discounts are the most important attributes for consumers. Furthermore, consumers prefer digital access to privacy-related information, detailed rights management for data sharing and no data sharing for marketing purposes. Moreover, a cluster analysis reveals differing importance weights across clusters. The study concludes that incorporating consumer preferences into the design and development process of Privacy Management Systems could increase their use and effectiveness, ultimately strengthening consumers’ privacy rights and companies’ legal compliance. The authors suggest researching legal, business, and consumer requirements more holistically to converge these perspectives to improve Privacy Management Systems adoptions. [ABSTRACT FROM AUTHOR]

Published

2023

37. A Recent Renaissance in Privacy Law: Considering the recent increased attention to privacy law issues amid the typically slow pace of legal change.

Author

Kaminski, Margot

Subjects

*RIGHT of privacy, *AMERICAN law, *MASS surveillance, *GENERAL Data Protection Regulation, 2016

Abstract

The author discusses trends in U.S. privacy law as of late 2020, particularly concerning data privacy. The article examines the history of U.S. privacy laws, compares and contrasts U.S. privacy laws with the European Union (E.U.) General Data Protection Regulation (GDPR), and U.S. Supreme Court cases regarding government surveillance and what they may portend for privacy laws. It also discusses the California Consumer Privacy Act (CCPA).

Published

2020

38. الوجود القانوني للحق يف النسيان الرقمي "دراسة مقارنة".

Author

حممد أمحد عبد اح&#1604

Subjects

RIGHT of privacy, PERSONALLY identifiable information, RIGHT to be forgotten, LEGAL judgments, COMPARATIVE method, RECOLLECTION (Psychology), GENERAL Data Protection Regulation, 2016, DIGNITY

Abstract

Copyright of Police Thought is the property of Sharjah Police Research Center and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

39. THE LIMITATIONS OF PRIVACY RIGHTS.

Author

Solove, Daniel J.

Subjects

RIGHT of privacy, GENERAL Data Protection Regulation, 2016

Abstract

Individual privacy rights are often at the heart of information privacy and data protection laws. The most comprehensive set of rights, from the European Union's General Data Protection Regulation (GDPR), includes the right to access, right to recertification (correction), right to erasure (deletion), right to restriction, right to data portability, right to object, and right to not be subject to automated decisions. Privacy laws around the world include many of these rights in various forms. In this Article, I contend that although rights are an important component of privacy regulation, rights are often asked to do far more work than they are capable of doing. Rights can only give individuals a small amount of power. Ultimately, rights are at most capable of being a supporting actor, a small component of a much larger architecture. I advance three reasons why rights can't serve as the bulwark of privacy protection. First, rights put too much onus on individuals when many privacy problems are systematic. Second, individuals lack the time and expertise to make difficult decisions about privacy, and rights can't practically be exercised at scale with the number of organizations than process people's data. Third, privacy can't be protected by focusing solely on the atomistic individual. The personal data of many people is interrelated, and people's decisions about their own data have implications for the privacy of other people. The main goal of providing privacy rights aims to provide individuals with control over their personal data. However, effective privacy protection involves not just facilitating individual control, but also bringing the collection, processing, and transfer of personal data under control. Privacy rights are not designed to achieve the latter goal, and they fail at the former goal.. After discussing these overarching reasons why rights are insufficient for the oversized role they currently play in privacy regulation, I discuss the common privacy rights and why each falls short of providing effective privacy protection. For each right, I propose broader structural measures that can achieve its goals in a more systematic, rigorous, and less haphazard way. [ABSTRACT FROM AUTHOR]

Published

2023

40. In/acceptable marketing and consumers' privacy expectations: four tests from EU data protection law.

Author

Malgieri, Gianclaudio

Subjects

DATA protection laws, GENERAL Data Protection Regulation, 2016, RIGHT of privacy, CONSUMERS, PRIVACY, SCHOLARSHIPS

Abstract

Purpose: This study aims to discover the legal borderline between licit online marketing and illicit privacy-intrusive and manipulative marketing, considering in particular consumers' expectations of privacy. Design/methodology/approach: A doctrinal legal research methodology is applied throughout with reference to the relevant legislative frameworks. In particular, this study analyzes the European Union (EU) data protection law [General Data Protection Regulation (GDPR)] framework (as it is one of the most advanced privacy laws in the world, with strong extra-territorial impact in other countries and consequent risks of high fines), as compared to privacy scholarship on the field and extract a compliance framework for marketers. Findings: The GDPR is a solid compliance framework that can help to distinguish licit marketing from illicit one. It brings clarity through four legal tests: fairness test, lawfulness test, significant effect test and the high-risk test. The performance of these tests can be beneficial to consumers and marketers in particular considering that meeting consumers' expectation of privacy can enhance their trust. A solution for marketers to respect and leverage consumers' privacy expectations is twofold: enhancing critical transparency and avoiding the exploitation of individual vulnerabilities. Research limitations/implications: This study is limited to the European legal framework scenario and to theoretical analysis. Further research is necessary to investigate other legal frameworks and to prove this model in practice, measuring not only the consumers' expectation of privacy in different contexts but also the practical managerial implications of the four GDPR tests for marketers. Originality/value: This study originally contextualizes the most recent privacy scholarship on online manipulation within the EU legal framework, proposing an easy and accessible four-step test and twofold solution for marketers. Such a test might be beneficial both for marketers and for consumers' expectations of privacy. [ABSTRACT FROM AUTHOR]

Published

2023

41. Exploring the Impact of GDPR on Big Data Analytics Operations in the E-Commerce Industry.

Author

Haddara, Moutaz, Salazar, A, and Langseth, Marius

Subjects

BIG data, VIRTUAL communities, GENERAL Data Protection Regulation, 2016, ELECTRONIC commerce, DATA protection laws, RIGHT of privacy

Abstract

This research explores the impact of data privacy and protection laws on e-commerce companies in the Netherlands. Specifically, this study focuses on the General Data Protection Regulation (GDPR). The purpose of this regulation is to refine privacy laws and emphasize the importance of consumer protection and consent. GDPR might challenge enterprises, especially data-driven organizations. Notably, the e-commerce industry is known for relying heavily on big data analytics, business intelligence, and other data-related technologies. Multiple semi-structured interviews with e-commerce professionals and consumers were conducted to gain a deeper understanding of the impact of GDPR based on the strategies employed by e-commerce companies and the online user experience of customers in the Netherlands. The main findings show that while GDPR compliance incurred additional costs for companies, it also improved data security and increased customer trust. Furthermore, the results also suggest that GDPR affects the e-commerce analytics operations in organizations after its adoption. Thus, many organizations have altered their practices to achieve compliance with the laws. The findings of this research contribute to the ongoing exploration of the effects of GDPR on online retail businesses that utilize (big) data analytics. [ABSTRACT FROM AUTHOR]

Published

2023

42. Peculiarities of personal data protection according to European and Ukrainian legislation.

Author

Didenko, Larysa, Spasova, Ekaterina, Mykhailova, Iryna, Tserkovna, Olena, and Yarmaki, Volodymyr

Subjects

DATA protection, GENERAL Data Protection Regulation, 2016, DATA protection laws, RIGHT of privacy, PERSONALLY identifiable information, DATA warehousing

Abstract

Copyright of Cuestiones Políticas is the property of Revista Cuestiones Politicas and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2022

43. Artificial Intelligence and Data Protection: A Comparative Analysis of AI Regulation through the Lens of Data Protection in the EU and Brazil.

Author

Pinheiro, Patricia Peck and Battaglini, Helen Batista

Subjects

DATA protection, ARTIFICIAL intelligence, GENERAL Data Protection Regulation, 2016, RIGHT of privacy, DATA protection laws

Abstract

Artificial intelligence (AI) is already a major part of our daily lives. From unlocking our smartphones with our faces to receiving film recommendations on streaming platforms, AI is part of our routines. In recent years, a widespread adoption of AI technologies both by public and private agencies has been observed. Notwithstanding the many conveniences it has created, the use of AI also involves many risks for people individually and for society as a whole. For instance, it may jeopardise fundamental rights such as privacy and data protection or even intensify existing discrimination against minorities. For this reason, various nations are now facing the challenge of regulating AI without limiting its development. In terms of data protection, the European General Data Protection Regulation (GDPR) has been consistently applied and enforced in the European Union (EU) and has inspired many other data protection laws that came after it, such as the one in Brazil. In Brazil, the General Data Protection Law (LGPD) has finally come into force and is slowly being enforced. In 2021, a series of legislative initiatives concerning the development and use of AI systems drew the attention of governments, academics and the tech industry around the world. In the EU, the European Commission released a proposal for regulation in April that presents harmonised rules on AI. Meanwhile, in Brazil, in September, the Chamber of Deputies approved a rather superficial bill aiming to regulate AI in the country. Thus, one can wonder: what is the impact of data protection laws on AI regulations? And how could Brazil benefit once again from following the EU's lead on regulating AI? In order to answer these questions, this article begins by explaining the concept of AI. It then presents the relation between AI and privacy and data protection as well as the main principles that guide privacy and data protection under both EU and Brazilian data protection laws. Subsequently, it introduces the EU legal framework for AI and focuses on the risk-based approach. Later, it presents the proposed Brazilian bill, focusing on its main principles from a comparative perspective with the EU. Finally, it will conclude how Brazil can benefit from taking inspiration from the EU experience on AI regulation. [ABSTRACT FROM AUTHOR]

Published

2022

44. Opinions ∙ The GDPR at Five (and Beyond).

Author

Talus, Anu

Subjects

GENERAL Data Protection Regulation, 2016, DATA protection, TECHNOLOGY, RIGHT of privacy

Abstract

The article focuses on the five-year anniversary of the General Data Protection Regulation (GDPR), highlighting its global impact on data protection norms. Topics include the transformation of the European Data Protection Board (EDPB), its evolving role in enforcement, and future plans for continued guidance, technological adaptation, and involvement in new legislative frameworks for the Digital Single Market.

Published

2023

45. Facebook and Spotify warn Europe could lag in AI due to complex regulations.

Author

Swain, Gyana

Subjects

*LANGUAGE models, *GENERAL Data Protection Regulation, 2016, *RIGHT of privacy, *FRAGMENTED landscapes, *DATA protection

Abstract

Facebook CEO Mark Zuckerberg and Spotify CEO Daniel Ek have warned that Europe's complex and fragmented regulatory environment could hinder its ability to compete in the global race for AI leadership. They argue that Europe's current regulatory structure is impeding innovation and holding back developers, and that the region's inconsistent application of the General Data Protection Regulation (GDPR) is creating uncertainty. The CEOs call for a more streamlined and harmonized regulatory approach that balances innovation with user rights and privacy, stating that with the right regulatory environment, Europe could lead the next generation of tech innovation. [Extracted from the article]

Published

2024

46. REFLECTIONS ON THE CONDITION PROVIDED BY ART. 2 (1) GDPR: PERSONAL DATA TO BE PART OF A FILING SYSTEM.

Author

ŞCHIOPU, Silviu-Dorin

Subjects

GENERAL Data Protection Regulation, 2016, FILING systems (Documents), ELECTRONIC data processing, RIGHT of privacy

Abstract

While the processing of personal data which are carried out in whole or in part by automated means are included in the material scope of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the latter applies to manual processing only in so far as personal data are part of or intended to be part of a filing system. Consultation, disclosure by transmission, dissemination or making available in any other way constitutes processing within the meaning of the General Data Protection Regulation (GDPR). If such processing is carried out by processing other than by automated means, in order to be covered by Regulation (EU) 2016/679 the data must be part of a filing system or be intended to be part of such a system. Thus, a question arises: to what extent making available by manual processing falls within the material scope of the General Data Protection Regulation? The fulfilment of the condition to form part of a filing system or to be intended to form part of a filing system depends on the specific situation and must be established on a case-by-case basis. On the other hand, the interpretation of the Court of Justice of the European Union, which has ruled that the concept of a 'filing system' covers data that are structured according to specific criteria which, in practice, enable them to be easily retrieved for subsequent use, without being necessary to include any search methods, must be taken into account in all cases. Nevertheless, if personal data processed manually falls outside the material scope of the General Data Protection Regulation because the data is not easily retrievable, it is still protected under the right to privacy as long as the data belongs to the sphere of private life. [ABSTRACT FROM AUTHOR]

Published

2022

47. Will the GDPR Restrain Health Data Access Bodies Under the European Health Data Space (EHDS)?

Author

Quinn, Paul, Ellyne, Erika, and Yao, Cong

Subjects

*GENERAL Data Protection Regulation, 2016, *DATA protection laws, *ELECTRONIC data processing, *RIGHT of privacy, *DATA security

Abstract

The plans for a European Health Data Space (EHDS) envisage an ambitious and radical platform that will inter alia make the sharing of secondary health data easier. It will encourage the systematic sharing of health data and provide a legal framework for it to be shared by Health Data Access Bodies (HDABs) based in each of the Member States. Whilst this promises to bring about major benefits for research and innovation, it also raises serious questions given the intrinsic sensitivity of health data. Fears concerning privacy harms on the individual level and detrimental effects on the societal level have been raised. This article discusses two of the main protective pillars designed to allay such concerns. The first is that the proposal clearly outlines several contexts for which a Health Data Access Permit (HDAP) should and should not be granted. The second is that a request for an HDAP must also be compliant with the GDPR (inter alia requiring a valid legal basis and respecting data processing principles such as 'minimization' and 'storage limitation'). As this article discusses, in some instances the need to have a valid legal basis under the GDPR may make it difficult to obtain a data access permit, in particular for some of the commercially orientated grounds outlined within the EHDS proposal. A further important issue concerns the ability of HDABs to analyse the compatibility permit requests under the GDPR and relevant national law at both speed and scale. [ABSTRACT FROM AUTHOR]

Published

2024

48. An automated consistency management approach for a privacy-aware electric vehicle architecture.

Author

Stancke, Jonathan, Plappert, Christian, and Jäger, Lukas

Subjects

*GENERAL Data Protection Regulation, 2016, *RIGHT of privacy, *EUROPEAN Union law, *ELECTRONIC control, *ELECTRIC vehicles

Abstract

Modern vehicles contain a number of highly connected embedded systems that generate, store, and process information and exchange it with their environment. Since a large part of this information is privacy-critical, privacy laws such as the GDPR of the European Union apply to it. In this work, we evaluate the privacy-criticality of exemplary data and data flows of the electric driving domain on a reference architecture. We categorize the ECUs of the architecture based on the criticality of the data they process and propose measures and technologies as building blocks that provide adequate privacy protection according to the requirements given by the GDPR. To ensure that all requirements are met by the reference architecture, we propose a more principled solution that simplifies the mapping between an architecture and the measures. For this purpose, we propose an architecture description template in JSON and an algorithm for automated consistency checks that outputs the measures and the security extension needed per Electronic Control Unit (ECU) to comply with derived privacy requirements. [ABSTRACT FROM AUTHOR]

Published

2024

49. SPIRITED AWAY: THE EU'S ADEQUACY DECISION FOR JAPAN AS A ROADMAP FOR U. S. PRIVACY LAW AFTER SCHREMS II.

Author

Blue, Nick

Subjects

DATA protection laws, GENERAL Data Protection Regulation, 2016, RIGHT of privacy

Abstract

The article focuses on the history of data protection law in the European Union and its importance to Europe. Topics include a description of the General Data Protection Regulation, 2016 and its adequacy requirements; relevant considerations discussed in the Adequacy Decision for Japan and drawing comparisons to the U.S.' data protection measure under the European Union-U.S. Privacy Shield; and Schrems II case on privacy law.

Published

2022

50. CJEU PNR Decision Unplugs the 'Black Box'.

Author

Rotenberg, Marc

Subjects

GENERAL Data Protection Regulation, 2016, CONSTITUTIONAL courts, RIGHT of privacy, ARTIFICIAL intelligence

Abstract

Case C-817/19, Ligue des droits humains v. Conseil des Ministres [2022] ECLI:EU:C:2022:491. [ABSTRACT FROM AUTHOR]

Published

2022