Academic literature on the topic 'EU General Data Protection Regulation (GDPR)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'EU General Data Protection Regulation (GDPR).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Journal articles on the topic "EU General Data Protection Regulation (GDPR)"
1
Bhaimia, Sahar. "The General Data Protection Regulation: the Next Generation of EU Data Protection." Legal Information Management 18, no. 1 (2018): 21–28. http://dx.doi.org/10.1017/s1472669618000051.
Full textAbstract:
AbstractThis article, written by Sahar Bhaimia, presents an overview of the General Data Protection Regulation (EU) (2016/679) (GDPR) which will apply automatically across the EU on 25 May 2018. The GDPR is an update and reform of existing EU data protection law, first established by the Data Protection Directive (1995/46/EC). The article is for knowledge managers and information services professionals who may be asked to take on responsibility for GDPR, and focuses on the UK. It covers the fundamentals of EU data protection law, highlights key changes brought about by the GDPR, and provides practical tips and suggestions for knowledge managers.
2
Editorial, Team IndraStra Global. "Understanding the DNA of EU's GDPR." IndraStra Global 004, no. 04 (2018): 0021. https://doi.org/10.5281/zenodo.1221358.
Full textAbstract:
On May 25, 2018, a new data protection regulation touted as <strong>General Data Protection Regulation (GDPR), Regulation (European Union - EU) 2016/689</strong>, will come into force in the European Union (EU) and its 28 Member States. It will replace the <strong>1995 EU Data Protection Directive 95/46/EC</strong>. The GDPR will have a significant impact in protecting the data and digital footprint of users of apps and another digital platform. It will provide significant new data privacy protections for individuals residing in EU states.
3
Kuner, Christopher. "Protecting EU data outside EU borders under the GDPR." Common Market Law Review 60, Issue 1 (2023): 77–106. http://dx.doi.org/10.54648/cola2023004.
Full textAbstract:
The EU General Data Protection Regulation (GDPR) aims to protect personal data outside EU borders by its rules on territorial scope and its restrictions on international data transfers. Despite its importance in EU fundamental rights law, the purpose and interaction of the GDPR’s protections of cross-border data processing have long been shrouded in confusion. Initiatives of EU bodies to interpret the GDPR’s safeguards illustrate the need for EU law to demonstrate clarity and consistency in defending fundamental rights outside EU borders. Only by maintaining the high level of protection required by the GDPR and the Court of Justice, can the EU’s ambitions of cross-border data protection be realized and the GDPR’s influence in third countries be maintained. data protection, GDPR, territorial scope, international data transfers, Court of Justice, European Commission, European Data Protection Board
4
Simbolon, Valentina Ancillia, and Vishnu Juwono. "Comparative Review of Personal Data Protection Policy in Indonesia and The European Union General Data Protection Regulation." Publik (Jurnal Ilmu Administrasi) 11, no. 2 (2022): 178. http://dx.doi.org/10.31314/pjia.11.2.178-190.2022.
Full textAbstract:
Data leakage is one of the high potentials for criminal acts in cyberspace. The Indonesian government passed the Personal Data Protection Act (UU PDP) to ensure the security of every citizen's personal data. This study aims to compare the policies of the Personal Data Protection Act with the European Union General Data Protection Regulations (EU-GDPR). This study uses a qualitative descriptive analysis method with data from previous studies and official releases from the Indonesian government and the European Union. The results of this study illustrate that the PDP Law and the EU-GDPR have the same arrangements regarding the rights of personal data subjects. In the data processing aspect, the principle of processing personal data in the PDP Law is not mandatory. In contrast, in the EU-GDPR, the principle of processing personal data is mandatory. In the aspect of controlling and processing personal data, both rights and responsibilities are almost the same, both for the PDP Law and the EU-GDPR. In the aspect of imposing sanctions, EU-GDPR is more apparent in the mechanism of imposing sanctions in the form of fines. While in the PDP Law, sanctions consist of administrative sanctions, criminal sanctions, and criminal fines, the mechanism of imposing sanctions is not yet clear.
5
Cvik, Eva Daniela, Radka MacGregor Pelikánová, and Michal Malý. "Selected Issues from the Dark Side of the General Data Protection Regulation." Review of Economic Perspectives 18, no. 4 (2018): 387–407. http://dx.doi.org/10.2478/revecp-2018-0020.
Full textAbstract:
Abstract The Regulation (EU) 2016/679 on the protection of personal data (GDPR) was enacted in 2016 and applies from 25thMay 2018 in the entire EU. The GDPR is a product of an ambitious reform and represents a direct penetration of the EU law into the legal systems of the EU member states. The EU works on the enhancement of awareness about the GDPR and points out its bright side. However, the GDPR has its dark side as well, which will inevitably have a negative impact. Hence, the goal of this paper is twofold - (i) to scientifically identify, forecast, and analyze selected problematic aspects of the GDPR and its implementation, in particular for Czech municipalities, and (ii) to propose recommendations about how to reduce, or even avoid, their negative impacts. These theoretic analyses are projected to a Czech case study focusing on municipalities, which offers fresh primary data and allows a further refining of the proposed recommendations. An integral part of the performed analyses is also a theoretic forecast of expenses linked to the GDPR, which municipalities will have to include in their mandatory expenses and mid-term prognostic expectations regarding the impact on the budgets of these municipalities from Central Bohemia. The GDPR, like Charon, is at the crossing, the capacity and knowledge regarding its application is critical for operating in the EU in 2018. It is time both to admit that the GDPR has its dark side and to present real and practical recommendations about how to mitigate it.
6
Kuner, Christopher. "International Organizations and the EU General Data Protection Regulation." International Organizations Law Review 16, no. 1 (2019): 158–91. http://dx.doi.org/10.1163/15723747-2019008.
Full textAbstract:
The importance of personal data processing for international organizations (‘IOs’) demonstrates the need for them to implement data protection in their work. The EU General Data Protection Regulation (‘GDPR’) will be influential around the world, and will impact IOs as well. Its application to them should be determined under relevant principles of EU law and public international law, and it should be interpreted consistently with the international obligations of the EU and its Member States. However, IOs should implement data protection measures regardless of whether the GDPR applies to them in a legal sense. There is a need for EU law and international law to take each other better into account, so that IOs can enjoy their privileges and immunities also with regard to EU law and avoid conflicts with international law, while still providing a high level of data protection in their operations.
7
Hendrie, Melissa. "Brexit: Is This the End for the General Data Protection Regulation?" Business Law Review 37, Issue 5 (2016): 173–74. http://dx.doi.org/10.54648/bula2016032.
Full textAbstract:
The confirmed exit of the United Kingdom from the European Union (EU) coincides with significant reform of European data protection law. Such reform will arise through the European General Data Protection Regulation (GDPR) which is on course for direct enforcement in all EU Member States as of May 2018. Separation negotiations must be endured before finalization of an EU-UK divorce, the product of which will determine the role of GDPR in Britain’s future.
8
Ryngaert, Cedric, and Mistale Taylor. "The GDPR as Global Data Protection Regulation?" AJIL Unbound 114 (2020): 5–9. http://dx.doi.org/10.1017/aju.2019.80.
Full textAbstract:
The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.
9
Kim, Hansol. "Legislative Harmonization of Brazilian Data Protection Law with EU GDPR: A Comparative Study on the EU GDPR and Brazil's LGPD." Center for Legislative Studies, Gyeongin National University of Education 2 (December 31, 2022): 105–42. http://dx.doi.org/10.58555/li.2022.2.105.
Full textAbstract:
Recently, major countries and international organizations, including the European Union, are reforming their personal data protection system, which is understood to seek the reasonable balance between the protection of personal information and communication technologies that have developed rapidly over the past three decades. The General Data Protection Regulation (GDPR), enacted by the EU in May 2016, is the world's most powerful privacy system now, and since the GDPR was enacted, EU trade partners have been actively striving to align their own data protection legislations with the GDPR by adopting and amending theirs to meet the global data protection standards. Brazil, as Latin America's economic giant, has also spent a long time finding the balance point between creating economic profits and protecting human rights under the pressure of mediating the conflicting values of using and protecting personal information. As a result of the conflict, the Brazilian General Data Protection Regulation(LGPD), affected by the EU GDPR, was passed on August 15, 2018 after eight years of discussion. This study began with questions about how specific the Brazilian LGPD was influenced by the European GDPR and how these two legislations were harmonized in the global society. We examined the system and status of Brazil's personal information legislation, as well as the legislative progress of the new legislation, and went on to conduct comparative legal reviews of the two legislations to find out the similarities and differences between them. Furthermore, we looked at the implications of Brazilian legislation for our legislation and sought compatibility between the value of privacy protection and the development of information technology.
10
Sirait, Yohanes Hermanto. "GENERAL DATA PROTECTION REGULATION (GDPR) DAN KEDAULATAN NEGARA NON-UNI EROPA." Gorontalo Law Review 2, no. 2 (2019): 60. http://dx.doi.org/10.32662/golrev.v2i2.704.
Full textAbstract:
Generally, the GDPR applies to data processing activities conducted by organisations established in the European Union (EU). But in certain activities, GDPR may also apply outside EU according to extra-teritorial principle. This principle has correlation to concept of sovereignty in international law. This article aims to examine whether a state must abide to GDPR when the requirement fulfiled or should the states use their sovereignty as a basis to deny it. This article is normative legal research. It focus on case-law, statutes and other legal source as primary and subsidiary source. The analysis is deductive by reasoning from more general to more specific. The result show that extra-teritorial principle under GDPR is in accordance to international law. The practice is common in the world in order to protect the citizen and national interest from any threat from abroad. The chance of overlapping between this principles with state’s sovereignty is hardly to occur as the principle only works when the interest of European citizen violated.
Dissertations / Theses on the topic "EU General Data Protection Regulation (GDPR)"
1
Bitar, Hadi, and Björn Jakobsson. "GDPR: Securing Personal Data in Compliance with new EU-Regulations." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-64342.
Full textAbstract:
New privacy regulations bring new challenges to organizations that are handling and processing personal data regarding persons within the EU. These challenges come mainly in the form of policies and procedures but also with some opportunities to use technology often used in other sectors to solve problems. In this thesis, we look at the new General Data Protection Regulation (GDPR) in the EU that comes into full effect in May of 2018, we analyze what some of the requirements of the regulation means for the industry of processing personal data, and we look at the possible solution of using hardware security modules (HSMs) to reach compliance with the regulation. We also conduct an empirical study using the Delphi method to ask security professionals what they think the most important aspects of securing personal data, and put that data in relation to the identified compliance requirements of the GDPR to see what organizations should focus on in their quest for compliance with the new regulation. We found that a successful implementation of HSMs based on industry standards and best practices address four of the 35 identified GDPR compliance requirements, mainly the aspects concerning compliance with anonymization through encryption, and access control. We also deduced that the most important aspect of securing personal data according to the experts of the Delphi study is access control followed by data inventory and classification.
2
Taka, Anni-Maria. "Cross-Border Application of EU's General Data Protection Regulation (GDPR) - A private international law study on third state implications." Thesis, Uppsala universitet, Juridiska institutionen, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-326633.
Full text
3
Magnusson, Wilhelm. "The EU General Data Protection Regulations and their consequences on computer system design." Thesis, KTH, Skolan för datavetenskap och kommunikation (CSC), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-213025.
Full textAbstract:
As of writing this thesis, the EU’s new data protection laws (GDPR) will start to apply within one year. The new regulations are poorly understood by many and rumours of varying accuracy are circling the IT industry. This thesis takes a look at the parts of the GDPR concerning system design and architecture, clarifying what they mean and their consequences for system design. The new regulations are compared to the old data protection laws (Directive 95/46/EC), showing how companies must alter their computer systems in order to adapt. Using evaluations of the old data protection laws predictions are made for how the GDPR will affect the IT industry going forward. One of the more important questions are what tools are available for companies when adapting to privacy protection regulations and threats. This thesis aims to identify the most common processes for this kind of system modification and compare their effectiveness in relation to the GDPR.<br>Vid framställningen av denna avhandling är det mindre än ett år innan EUs nya dataskyddsförordning (GDPR) träder i kraft. Många har bristande förståelse av de nya förordningarna och rykten av varierande korrekthet cirkulerar inom IT industrin. Denna avhandling utför en kritisk undersökning utav de delar inom GDPR som berör system design och arkitektur och beskriver dess innebörd för system design. De nya lagarna jämförs med de föregående dataskyddslagarna (Direktiv 95/46/EC) för att påvisa de modifikationer som kommer krävas för att anpassa datorsystem till de nya förordningarna. Genom att undersöka de äldre dataskyddslagarnas effekt på industrin görs även förutsägelser kring hur GDPR kommer påverka IT industrin inom den närmaste framtiden. Än av de intressantare frågorna är vilka metoder som finns tillgängliga för att underlätta systemanpassningar relaterade till dataskyddsförordningar. Denna avhandling syftar att identifiera de mest etablerade av dessa typer av processer och jämföra deras lämplighet i förhållande till GDPR.
4
Paulsrud, Ludvig. "… except death, taxes and the GDPR : En kvalitativ studie av huruvida hänsyn har tagits till informationskultur under arbetet inför GDPR på två svenska universitet." Thesis, Mittuniversitetet, Avdelningen för informationssystem och -teknologi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-34055.
Full textAbstract:
Målet med denna studie är att undersöka om informationskultur är ett teoretiskt verktyg som kan bidra till en proaktiv informationsförvaltning, samt om informationskulturperspektivet kan vara till stöd för en organisation som genomgår ett förändringsarbete som påverkar informationsförvaltningen. I studien används Gillian Oliver and Fiorella Foscarinis definition av informationskultur, vilket de definierar som ”values accorded to information, and attitudes towards it, specifically within organisational contexts.” Förberedelsearbetet på två svenska universitet inför dataskyddsförordningen GDPR (EU) 2016/67, vilken trädde i kraft 25 maj 2018, är det fall som författaren prövar informationskultursteorin mot. Genom en kvalitativ metod, där fem respondenter har intervjuats, har författaren undersökt respondenternas värderingar gentemot information samt hur de hade organiserat sitt arbete inför GDPR. Studien visar på ett stort behov av samarbete mellan arkivarier och andra yrkesgrupper såsom it-ansvariga och jurister när komplexa informationsförvaltningsfrågor som GDPR ska hanteras. Men att detta samarbete involverar arkivet är inte självklart, vilket visas i skillnaden mellan hur de båda universiteten har arbetat. Studien visar även att det finns en skillnad mellan att anlägga ett informationskulturperspektiv under ett förändringsarbete och att använda informationskultur i Oliver och Foscarinis mening, vilket innebär att analysera redan etablerade strukturer och organisationer; de problemområden som Oliver och Foscarini anser att arkivarien bör undvika att lägga mycket arbete på, då de är svårföränderliga, visar sig enligt studieresultatet tvärt om vara viktiga att jobba med under ett förändringsarbete. Att en viss nivå av det informationskulturramverk som Oliver och Foscarini har tagit fram är svår att påverka i en organisation betyder inte att den är svår att inkorporera i ett förändringsarbete. Till skillnad från andra, allmänna förändringteorier så lyfter informationskulturperspektivet fram aspekter som är direkt kopplade till arkivariens roll. I stället för generella råd som ”samarbete” föreslås mer specifikt ”samarbete med it”. Informationskultur är dessutom en väldigt innehållsrik teori då den inbegriper många etablerade teoribildningar. I en informationsförvaltningskontext blir därför informationskulturansatsen paradoxalt nog både bredare och mer specifik på samma gång.<br>The aim of this thesis is to examine if information culture is a theoretical construct that can assist in creating a proactive recordkeeping environment. It also aims to investigate if information culture can be of help to an organization that goes through changes that affect its recordkeeping practices. The study uses Gillian Oliver and Fiorella Foscarini’s definition of information culture, which they define as ”values accorded to information, and attitudes towards it, specifically within organisational contexts.” The preparations for the GDPR (EU) 2016/67 at two Swedish universities functions as the case that the author uses to explore these questions. Using a qualitative method, interviewing five people, the author examined the interviewees’ values towards information and how the organizations had prepared for the GDPR. The study suggests that there is need for cooperation between archivists and people from other professions, such as IT and law, when preparing for complex recordkeeping issues such as the GDPR. However, the study shows that an archivist is not always involved in an organization’s change management effort. The study shows that there is a difference between adopting an information culture perspective when managing change and using information culture as Oliver and Foscarini intend it be used. Their approach addresses organizations and structures that are already established. The problem areas that Oliver and Foscarini think an archivist should avoid focusing its change management efforts on, because they are hard to change, are shown to be as important to work with as other problem areas when managing change in an organization. Just because a level of the information culture framework that Oliver and Foscarini have developed is difficult to affect in an organization does not mean that it is hard to incorporate into a change management effort. In contrast to other change management theories, an information culture perspective highlights aspects that are directly connected to the role of the archivist. Instead of generic advice, such as “cooperation”, information culture specifically advices the archivist to “cooperate with the IT department”. Information culture is a theoretical construct that embraces other established theories. From a recordkeeping perspective, an information culture approach is therefore paradoxically both broad and exact at the same time.
5
Ford, David Thomas, and Sreman Qamar. "Seeking opportunities in the Internet of Things (IoT): : A Study of IT values co-creation in the IoT ecosystem while considering the potential impacts of the EU General Data Protection Regulations (GDPR)." Thesis, Umeå universitet, Institutionen för informatik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-137223.
Full textAbstract:
In this thesis, we have studied the phenomena of value co-creation in IoT ecosystem, while considering the potential impacts of GDPR on IT value co-creation in the IoT ecosystem. IT firms’ ability to create value is an important aspect of their existence and growth in which case they pursuit different and several means to accomplish this task. IT firms that operate within the IoT ecosystem are categorised as Enablers, Engagers, and Enhancers who interact, work together to provide the technology and services needed to both market the IoT and to deploy it for their own business operations. These actors usually deem it necessary to create value through a co-creation process with customers in order to create well needed, tailored and up-to-date IoT solutions. In such case, customers’ data play a significant role in the development process. Through computer analysis, these data can reveal insightful information that can lead to the creation of relevant and appropriate IT solutions. However, the EU new and upcoming General Data Protection Regulation stand to have some impacts on this creative process, by regulating data practices in technological activities, thereby, creating several concerns among the IT community.
6
Tenhovaara, Taru. "Transferring Big Data to the United States in the Post Snowden Era : Can the Fundamental Rights of EU citizens laid down in Articles 7,8 and 47 of the Charter be guaranteed?" Thesis, Stockholms universitet, Juridiska institutionen, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-159827.
Full text
7
Skogelin, Willy. "En undersökning av den svenska offentlighetsprincipens förenlighet med EU:s dataskyddsförordning." Thesis, Uppsala universitet, Juridiska institutionen, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-356146.
Full textAbstract:
The paper examines the compatibility between the Swedish principle of transparency and EU’s general data protection regulation (EU) 2016/679 (GDPR). The question of compatibility between the right of access to public documents in Sweden and the EU regulation regardng protection of personal data have been relevant since EU started to legislate the area. However, for the first time a general regulation regarding processing of personal data is enforced which brings the problem to a head. Focusing on the right to public documents (a part of the Swedish principle of transparency) the relevant regulations in GDPR is examined to find possible conflicts with the principle of transparency. It is found that the vast opportunities to exception from the principal rules and the possibility of national special regulation solves many of the conflicts, even though some remain. The perception of the Swedish government in regard to article 86 in GDPR, which allows the member states to reconcile the GDPR with the right to public documents, is that the Swedish principle of transparency is granted precedence over the GDPR. The opinion of the Swedish government does not stand valid regarding the textual content in the regulation nor its purpose and goals. It would have been desirable if the government had made a closer investigation regarding what exception from the principal rules to use, and what national special regulation that is necessary, for the practice of the Swedish right of access to public documents. The analysis in the paper concludes that the principle of transparency and the GDPR can possibly be compatible. Article 86 will be of importance after the of- fered exceptions in the specific rights in the GDPR have been used. The article needs to be put in relation to the protection for personal data offered in the Swedish national legislative that limits the right of access to public documents. Furthermore, the question of respect from EU concerning the national constitutional identity is examined regarding its role reconciling the union law and the Swedish principle of trans- parency. It is stated that it may be of importance for a, from a Swedish transparency perspective, beneficial interpretation of article 86 in the CJEU. The paper also investigates the question of Sweden’s transferring of competence concerning the principle of transparency. It is stated that to the extent EU does not provide a protection of the right of access to public documents equal to the law in Sweden a Swedish court could disallow the competence transfer which passed EU that legislative power.<br>I framställningen utreds den svenska offentlighetsprincipens förenlighet med EU:s dataskyddsförordning (EU) 2016/679. Frågan om förenlighet mellan offentlighetsprincipen och EU:s reglering rörande personuppgiftsskydd har varit relevant sedan EU började lagstifta på området. Däremot har för första gången en allmän förordning rörande behandling av personuppgifter stiftats vilket ställer problemet på sin spets. Med fokus på handlingsoffentligheten utreds det relevanta regelverket i dataskyddsförordningen för att undersöka eventuella konflikter gentemot offentlighetsprincipen. Det konstateras att de många undantag och möjliga nationella särregleringar som förordningen erbjuder löser många av de konflikter som uppstår, men vissa kvarstår. Den svenska regeringen är av uppfattningen att artikel 86 i dataskyddsförordningen, som möjliggör sammanjämkning mellan förordningen och allmänhetens rätt att få tillgång till allmänna handlingar, innebär att offentlighetsprincipen fullt ut kan ges företräde framför förordningen. Den svenska uppfattning framstår inte som hållbar utifrån förordningens ordalydelse och bakomliggande syften och mål. Det hade varit önskvärt om regeringen närmare låtit utreda vilka undantag och nationella särregleringar som varit nödvändiga för att fortsatt kunna tillämpa handlingsoffentligheten. Analysen i framställningen visar att troligen går det att förena offentlighetsprincipen med dataskyddsförordningen. Artikel 86 blir av betydelse efter de i förordningen erbjudna undantagen i de specifika rättigheterna uttömts. Artikeln måste sättas i relation till det skydd för personuppgifter som i svensk nationell rätt begränsar handlingsoffentligheten. Vidare blir frågan om EU:s respekt för den nationella konstitutionella identiteten behandlad rörande dess betydelse för en sammanjämkning av EU-rätten och den svenska offentlighetsprincipen. Det konstateras att den kan ha betydelse för en, till svensk fördel, offentlighetsvänlig tolkning av artikel 86 i EU-domstolen. Framställningen utreder även frågan om svensk kompetensöverlåtelse till EU rörande offentlighetsprincipen. Slutsatsen är att i den mån EU inte erbjuder ett jämbördigt skydd för rätten till allmänna handlingar likt den svenska rätten kan svensk domstol underkänna överlåtelsen av kompetens som tillät EU att inskränka offentlighetsprincipen.
8
Ökvist, Nicklas, and Max Furberg. "Analysmodell för inbyggt dataskydd och dataskydd som standard." Thesis, Uppsala universitet, Institutionen för informatik och media, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-324930.
Full text
9
Nilsson, Eric. "Informerat samtycke till behandling av personuppgifter på webbplatser : En analys av hur kraven i dataskyddsförordningen kommer att påverka den personliga integriteten i praktiken." Thesis, Uppsala universitet, Juridiska institutionen, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-323168.
Full textAbstract:
Frågan om rätten till personlig integritet är aktuell på ett helt annat sätt idag än den var på 1990-talet. Sedan dataskyddsdirektivet trädde i kraft har behandlingen av personuppgifter ökat exponentiellt. Informationsteknik har möjliggjort en omfattande kartläggning av personers beteenden online. Idag använder många webbplatser funktioner för att samla in och på andra sätt behandla sina besökares personuppgifter. Samtidigt har informationen om personuppgiftsbehandlingen som ges till enskilda på webbplatser i många fall blivit omfattande och komplicerad. Ett av syftena med den nya dataskyddsförordningen är att bygga upp konsumenters förtroende för handel på internet. Förordningen syftar även till att stärka skyddet för enskildas personliga integritet. Bestämmelserna kan anses vara svårtydda, vilket kan leda till att skyddet som bäst blir oförändrat. I ett samhälle som blir alltmer digitaliserat tycks det önskvärt att de moderna reglerna håller vad de lovar, annars kan konsekvenserna bli stora. I denna uppsats diskuteras om dataskyddsförordningens krav på informerat samtycke förbättrar förutsättningarna för ett effektivt skydd för den personliga integriteten. De nya bestämmelserna är mer omfattande men har kritiserats för att vara otydliga, närmare principer i direktiv snarare än direkt tillämplig förordningstext. Bestämmelserna behöver också vägas mot andra rättigheter. Därför kan bestämmelserna om samtycke och informationsplikt leda till ett sämre skydd för enskilde om inte tydlig vägledning ges. Det är därför en risk som kommer behöva beaktas vid tillämpningen av förordningen. Om personuppgiftsansvariga saknar vägledning finns en risk att bestämmelserna i praktiken inte ger enskilda den kontroll över sina personuppgifter som var avsedd.
10
Nord, Lisa. "Programvaruutvecklingen efter GDPR : Effekten av GDPR hos mjukvaruföretag." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-20146.
Full textAbstract:
GDPR (General data protection regulation, generella dataskyddsförordningen) är en ny europeisk förordning som reglerar behandlingen av känsliga uppgifter samt det fria flödet av dessa inom EU. Förordningen utgör ett skydd för fysiska personer vid behandling av deras personuppgifter inom unionen vilket är en grundläggande rättighet. GDPR har sedan den trädde i kraft i Maj 2018 varit en förordning att räkna med då dess bötesbelopp är höga. Alla företag inom Europa behöver följa reglerna samt företag utanför EU som hanterar europeiska personuppgifter. Målet med detta arbete är se vilken effekt GDPR har haft hos svenska mjukvaruutvecklare och hur de ser på sin arbetsbörda. Detta har gjorts genom en enkätundersökning hos svenska mjukvaruföretag som blivit slumpmässigt utvalda. Av uppsatsens resultat framgår det att många mjukvaruföretag som skapar egen programvara eller distribuerar programvara för en tredje part har den nya förordningen inneburit ett tyngre arbetslass samt omförhandling av existerande programvarulösningar. Något som inneburit nya arbetsplatser eller arbetsgrupper hos många företag. När GDPR först trädde ikraft lades det ner många arbetstimmar på att omvandla redan existerande lösningar för att uppfylla kraven. Trots detta har det lagts många fler timmar vid utveckling även efter GDPR för att se till att den nya programvaran även den lever upp till de krav som är ställda. Av resultatet kan vi även finna att många företag ser väldigt strikt på hantering av känsliga uppgifter de samlat in från deras kunder men ser mindre strikt på lagring och hantering av personuppgifter av sina egna anställda.<br>GDPR(General data protection regulation) is a new European regulation that regulates data, protection, and privacy. It also addresses the transfer of personal data to countries outside of the European Union. Ever since the GDPR was enforceable May 2018, it has been a regulation for businesses to strictly follow and be wary of due to the hefty fines. All European businesses need to follow the new regulation and likewise, so to the businesses outside of the E.U. in which handles any type of personal data of Europeans. The goal with this thesis is to see the effect the GDPR has had for Swedish software developers and how they portray their workload. This data has been shown in the form of a questionnaire which was randomly distributed to a number of Swedish software companies. In conclusion, this thesis shows that the new regulation has had a big impact on the developers that create new software/distributes software, primarily in form of a heavier workload and the need to re-negotiate already existing software. This has provided new jobs and/or new teams for many of the companies that were a part of this study. When GDPR was first introduced, the software companies spent countless hours on converting already existing software. Even tho they spend a lot of time in the beginning, the dedication of time is spent on every solution to make sure it meets the requirements of GDPR: We can also see that many businesses spend a lot more time and money on data protection for their clients personal data, but they do not treat their employees personal data in the same way.
Books on the topic "EU General Data Protection Regulation (GDPR)"
1
Voigt, Paul, and Axel von dem Bussche. The EU General Data Protection Regulation (GDPR). Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-57959-7.
Full text
2
Voigt, Paul, and Axel von dem Bussche. The EU General Data Protection Regulation (GDPR). Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-62328-8.
Full text
3
Sloot, Bart. The General Data Protection Regulation in Plain Language. Amsterdam University Press, 2020. http://dx.doi.org/10.5117/9789463726511.
Full textAbstract:
The General Data Protection Regulation in Plain Language is a guide for anyone interested in the much-discussed rules of the GDPR. In this legislation, which came into force in 2018, the European Union meticulously describes what you can and cannot do with data about other people. Violating these rules can lead to a fine of up to 20 million euros. This book sets out the most important obligations of individuals and organisations that process data about others. These include taking technical security measures, carrying out an impact assessment and registering all data-processing procedures within an organisation. It also discusses the rights of citizens whose data are processed, such as the right to be forgotten, the right to information and the right to data portability.
4
Kuner, Christopher, Lee A. Bygrave, Christopher Docksey, and Laura Drechsler, eds. The EU General Data Protection Regulation (GDPR). Oxford University Press, 2020. http://dx.doi.org/10.1093/oso/9780198826491.001.0001.
Full textAbstract:
This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.
5
Publishing, IT Governance. EU General Data Protection Regulation (GDPR) - an Implementation and Compliance Guide. IT Governance Ltd, 2020.
Find full text
6
Kolah, Ardi. GDPR Handbook: A Guide to the EU General Data Protection Regulation. Kogan Page, Limited, 2015.
Find full text
7
Kolah, Ardi. GDPR Handbook: A Guide to Implementing the EU General Data Protection Regulation. Kogan Page, Limited, 2018.
Find full text
8
I. T. Governance IT Governance Privacy Team and Alice White (Female Synthesized Voice). EU General Data Protection Regulation (GDPR) - an Implementation and Compliance Guide, Fourth Edition. de Gruyter GmbH, Walter, 2020.
Find full text
9
I. T. Governance IT Governance Privacy Team and Alice White (Female Synthesized Voice). EU General Data Protection Regulation (GDPR) - an Implementation and Compliance Guide, Fourth Edition. de Gruyter GmbH, Walter, 2020.
Find full text
10
Ausloos, Jef. The Right to Erasure in EU Data Protection Law. Oxford University Press, 2020. http://dx.doi.org/10.1093/oso/9780198847977.001.0001.
Full textAbstract:
This book critically investigates the role of data subject rights in countering information and power asymmetries online. It aims at dissecting ‘data subject empowerment’ in the information society through the lens of the right to erasure (‘right to be forgotten’) in Article 17 of the General Data Protection Regulation (GDPR). In doing so, it provides an extensive analysis of the interaction between the GDPR and the fundamental right to data protection in Article 8 of the Charter of Fundamental Rights of the EU (Charter), how data subject rights affect fair balancing of fundamental rights, and what the practical challenges are to effective data subject rights. The book starts with exploring the data-driven asymmetries that characterize individuals’ relationship with tech giants. These commercial entities increasingly anticipate and govern how people interact with each other and the world around them, affecting core values such as individual autonomy, dignity, and freedom. The book explores how data protection law, and data subject rights in particular, enable resisting, breaking down or at the very least critically engaging with these asymmetric relationships. It concludes that despite substantial legal and practical hurdles, the GDPR’s right to erasure does play a meaningful role in furthering the fundamental right to data protection (Art 8 Charter) in the face of power asymmetries online.
Book chapters on the topic "EU General Data Protection Regulation (GDPR)"
1
Voigt, Paul, and Axel von dem Bussche. "Data Subjects’ Rights." In The EU General Data Protection Regulation (GDPR). Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-62328-8_5.
Full text
2
Voigt, Paul, and Axel von dem Bussche. "Scope of Application of the GDPR." In The EU General Data Protection Regulation (GDPR). Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-57959-7_2.
Full text
3
Voigt, Paul, and Axel von dem Bussche. "Enforcement and Fines Under the GDPR." In The EU General Data Protection Regulation (GDPR). Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-57959-7_7.
Full text
4
Voigt, Paul, and Axel von dem Bussche. "Enforcement and Fines Under the GDPR." In The EU General Data Protection Regulation (GDPR). Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-62328-8_7.
Full text
5
Voigt, Paul, and Axel von dem Bussche. "Scope of Application of the GDPR." In The EU General Data Protection Regulation (GDPR). Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-62328-8_2.
Full text
6
Voigt, Paul, and Axel von dem Bussche. "Rights of Data Subjects." In The EU General Data Protection Regulation (GDPR). Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-57959-7_5.
Full text
7
Voigt, Paul, and Axel von dem Bussche. "Special Data Processing Activities." In The EU General Data Protection Regulation (GDPR). Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-57959-7_9.
Full text
8
Voigt, Paul, and Axel von dem Bussche. "Special Data Processing Operations." In The EU General Data Protection Regulation (GDPR). Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-62328-8_9.
Full text
9
Voigt, Paul, and Axel von dem Bussche. "Practical Implementation of the Requirements Under the GDPR." In The EU General Data Protection Regulation (GDPR). Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-57959-7_10.
Full text
10
Voigt, Paul, and Axel von dem Bussche. "Introduction and ‘Checklist’." In The EU General Data Protection Regulation (GDPR). Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-57959-7_1.
Full textConference papers on the topic "EU General Data Protection Regulation (GDPR)"
1
Rudohradská, Simona, Laura Bachňáková Rózenfeldová, and Regina Hučková. "WHEN COMPETITION MEETS PERSONAL DATA PROTECTION." In International Scientific Conference “Digitalization and Green Transformation of the EU“. Faculty of Law, Josip Juraj Strossmayer University of Osijek, 2023. http://dx.doi.org/10.25234/eclic/27455.
Full textAbstract:
In the submitted contribution the authors follow up on the case of Facebook, which was assessed by the German competition authority – Bundeskartellamt. Proceedings moved from administrative to judicial phase, as this case was assessed by Düsseldorf Higher Regional Court (Oberlandesgericht Düsseldorf ) and also by Federal Court of Justice (Bundesgerichtshof ). However, German national courts had adopted differing views in this regard. National German court (Higher Regional Court, Düsseldorf, Germany) rendered a prejudicial question to Court of Justice of the European union (hereinafter referred to as “CJEU”), concerning mainly (1) interpretation of GDPR regulation and (2) question of whether competition authority is entitled to apply this regulation in its investigations. In the corresponding case No. C-252/21, the Opinion of Advocate General (delivered on 20 September 2022) was recently published. The aim of this paper is to assess the interaction between personal data protection in correlation with the competition rules, more precisely, whether the competition authority is entitled to apply GDPR.
2
Rakovic, Radoslav. "PERSONAL DATA PROTECTION – FRAMEWORKS, PRACTICAL EXPERIENCES AND CHALLENGES." In SECURITY AND CRISIS MANAGEMENT - THEORY AND PRACTICE. RASEC, 2023. https://doi.org/10.70995/xdnx2648.
Full textAbstract:
Fundamental information security management standard ISO 27001 declares need for protecting basic features of information – confidentiality, integrity and availability - and defines certain number of controls oriented to technical, organizational and combined actions that should enable it. Particular issue represents personal data protection that is subject of particular General Data Protection Regulation (GDPR) has been appplied in EU from 25.05.2018. and paricular Law on personal data protection of Republic of Serbia has been applied from 22.08.2019. After brief review of the GDPR and the subject law, practical experiences and challenges in application of personal data protection in Serbia are considered.
3
Babalola, Olumide. "Internet of Things (IoT): Data Security and Privacy Concerns under the General Data Protection Regulation (GDPR)." In 10th International Conference on Natural Language Processing (NLP 2021). Academy and Industry Research Collaboration Center (AIRCC), 2021. http://dx.doi.org/10.5121/csit.2021.112324.
Full textAbstract:
Internet of Things (IoT) refers to the seamless communication and interconnectivity of multiple devices within a certain network enabled by sensors and other technologies facilitating unusual processing of personal data for the performance of a certain goal. This article examines the various definitions of the IoT from technical and socio-technical perspectives and goes ahead to describe some practical examples of IoT by demonstrating their functionalities vis a vis the anticipated privacy and information security implications. Predominantly, the article discusses the information security and privacy risks posed by the operationality of IoT as envisaged under the EU GDPR and makes a few recommendations on how to address the risks.
4
Senanayake, H. R. Chiranthi. "The Legal Debate on the Commercial Use of Personal Data - A Discussion of the Eu Gdpr Precedent." In SLIIT INTERNATIONAL CONFERENCE ON ADVANCEMENTS IN SCIENCES AND HUMANITIES [SICASH]. Faculty of Humanities and Sciences, SLIIT, 2022. http://dx.doi.org/10.54389/pnox5200.
Full textAbstract:
Although the adoption of the Personal Data Protection Act No. 9 of 2022 in Sri Lanka marked a significant milestone in the commercial use of personal data, the regulation of data use is often debated among international policymakers due to the inherent controversy of the subject. This is especially seen in the European Union (EU) which has a stringent data protection scheme. In light of this legal debate, the discussion in this study centres around the key concern of appropriate regulation and balancing between two competing rights, namely, the freedom to commercially utilise user data in the digital economy, and the protection of the right to privacy and protection from unlawful processing of personal data of the consumer/user. Such an academic conversation is engaged in by deliberating on the legal implications of commercial use of personal data. To this end, the essay will first examine the existing legal systems for commercially processing personal data with specific attention to the European Union (EU) General Data Protection Regulation (GDPR) of 2016 and the associated case law. Next, the essay will discuss three concerns on the present protectionist trajectory of the law, and its impact on the dual role of the law in the digital economy, i.e. as a facilitator of lawful commercial use of personal data and a guardian of privacy rights of data subjects. Thereafter, the essay will discuss three concerns on the present protectionist trajectory of the law, and its impact on the dual role of the law in the digital economy, i.e., as a facilitator of lawful commercial use of personal data and as a guardian of privacy rights of data subjects. The legal analysis is centralised on the EU personal data protection regime because it is a microcosm of development in general data protection law, which is widely accepted as a global persuasive precedent on the regulation of transnational commercial use of personal data. Keywords: Legal debate, personal data, Eu Gdpr Precedent.
5
Mišćenić, Emilia, and Anna-Lena Hoffmann. "THE ROLE OF OPENING CLAUSES IN HARMONIZATION OF EU LAW: EXAMPLE OF THE EU’S GENERAL DATA PROTECTION REGULATION (GDPR)." In EU 2020 – lessons from the past and solutions for the future. Faculty of Law, Josip Juraj Strossmayer University of Osijek, 2020. http://dx.doi.org/10.25234/eclic/11895.
Full text
6
Dinu, Mihaistefan. "NEW DATA PROTECTION REGULATIONS AND THEIR IMPACT ON UNIVERSITIES." In eLSE 2018. Carol I National Defence University Publishing House, 2018. http://dx.doi.org/10.12753/2066-026x-18-218.
Full textAbstract:
Contemporary technological progress was possible on the background of rapid internet access, geographical spreading which has facilitating not only the rapid transmission of vast amount of data but also not so honest storage, use and transmission of this big amount of data. Internet access needs credentials, and frequently credentials are linked to personal data that nowadays can be considered priceless. That is why the protection of personal data must be a priority for the universities. Why new data protection regulation? Why students and employee data are so important? Why and how to protect all these big amounts of data? How to implement new data protection regulations in universities? From all these questions, we start to analyze the actual and future legal environment regarding data protection in order to identify the best practical cyber security solutions. The analysis will start from the replacement of Data Protection Directive 95/46/EC and national regulation with the EU General Data Protection Regulation (GDPR). Intention is to identify the way universities will approach data privacy in order to collect, store and transmit data on students or teachers and in what measure the selected approach will affect educational and research processes. Role of human factor have also been considering in the framework of new regulations, with the focus on necessary relations grid around Data Protection Officer. The analysis will go further with the considerations regarding the place of cyber insurance process in the institutional grid, which is involved in the data protection process, on the one hand, and the necessary resources for implementing the new regulations.
7
Zdravkova, Katerina. "Compliance of MOOCs and OERs with the new privacy and security EU regulations." In Fifth International Conference on Higher Education Advances. Universitat Politècnica València, 2019. http://dx.doi.org/10.4995/head19.2019.9063.
Full textAbstract:
Since their appearance in the early 2000s, Massive Open Online Courses (MOOCs) and Open Educational Resources (OERs) arose among the most important educational priorities. Many top universities worldwide have been involved in the research and direct implementation of this innovative pedagogical approach. Simultaneously with the development and massive deployment of the new learning and teaching method, European regulations responsible for data privacy and protection, and information security have significantly evolved. This paper assesses the compliance of the ten most popular MOOCs and OERs with the General Data Protection Regulation (GDPR) and the Directive on security of network and information systems (NIS Directive). In order to systematically examine their online platforms, a few privacy indicators were outlined and thoroughly observed. Alongside this, the involvement of the open education providers in the NIS Directive was examined. Research findings are presented and elaborated in a way that it makes easy to generate recommendations on how to anticipate the future of open education as a reasonable reaction to global change in the era of rapid technological growth, and at the same time to obey the crucial ethical principles defined by this development.
8
K Y Chan, Victor. "Legal Risks Underlying Human-Computer interface (HCI) Design: A Comparative Study on Macao vs. Major Jurisdictions." In AHFE 2023 Hawaii Edition. AHFE International, 2023. http://dx.doi.org/10.54941/ahfe1004239.
Full textAbstract:
Human-computer interface (HCI) design is an essential aspect of modern technology development, which involves the interaction between humans and computers. HCI design can pose legal risks that may result in significant legal liabilities and consequences for any organization adopting the designs. From the standpoint of an HCI designer as opposed to a legal researcher, this article analyzes the legal risks underlying HCI design and the related regulatory framework in the small jurisdiction Macao in comparison with those in some major jurisdictions, including the United States, the European Union (EU), and mainland China. Relevant statutes, acts, and academic literature are drawn on to support the analysis. Categories of the aforesaid risks are primarily identified as intellectual property, privacy and personal data protection, accessibility, liability for harm, and cybersecurity breaches, only the first two of which are to be elucidated in this article due to its length limitation. The following findings are highlighted: Macao’s IP regime does not include provisions very specific to HCI designs, unlike the United States, the EU, and mainland China. Macao’s privacy and personal data protection framework is less comprehensive than the General Data Protection Regulation (GDPR) in the EU and mainland China’s Cybersecurity Law, Personal Information Protection Law (PIPL), and Data Security Law (DSL). In particular, the GDPR additionally mandates “data protection by design and default,” and mainland China’s Cybersecurity Law, PIPL, and DSL are well integrated with cyberspace sovereignty, national security, social and public interests, national sovereignty, and development interests of the state. In summary, in principle, the legal framework in the small jurisdiction Macao governing the legal risks associated with HCI is by and large in line with those in major and substantially larger jurisdictions. Notwithstanding, the former is in general a general miniature of the latter and comparatively devoid of express provisions very specific to and comprehensively covering HCI design. Subject to further research’s confirmation, this phenomenon of generalization and miniaturization may be true of many other small jurisdictions worldwide as reasoned in this article.
9
Komanovics, Adrienne. "WORKPLACE PRIVACY IN THE EU : THE IMPACT OF EMERGING TECHNOLOGIES ON EMPLOYEE’S FUNDAMENTAL RIGHTS." In International Scientific Conference “Digitalization and Green Transformation of the EU“. Faculty of Law, Josip Juraj Strossmayer University of Osijek, 2023. http://dx.doi.org/10.25234/eclic/27458.
Full textAbstract:
Over the last decade, several new technologies have been adopted that enable more systematic surveillance of employees, creating significant challenges to privacy and data protection. The risks posed by the new devices and methods were exacerbated with the advent of Covid, with the involuntary introduction of digital tools to measure work output and efforts to get visibility back in the workplace through new means. Against this backdrop, the article aims to examine the main issues in workplace surveillance. After a brief overview of the range of surveillance methods, such as video surveillance, network and e-mail monitoring, and employee tracking softwares (the so-called “bossware”), as well as the challenges posed by the new technologies, the paper goes on to individually analyse the legal aspects of monitoring employees for security or performance-related reasons. The phenomenon is examined in light of relevant EU legislation (the General Data Protection Regulation of 2016 being the most relevant one), as well as the opinions adopted by the Article 29 Working Party established by Directive 95/46 and the guidelines drawn up by the European Data Protection Board, established by the GDPR and replacing the WP. In doing so, the paper will elaborate on the concept of transparency, consent, purpose limitation, data minimization, data retention, the so-called expectation of privacy, and the lawfulness of processing, especially the issue of balancing the legitimate interests of the employer against the interests or fundamental rights of the data subject. The results of the analysis suggest that new and emerging technologies developed to monitor employees in order to address productivity issues, security risks, and sexual harassment, combined with the fact that remote and hybrid work becomes the norm inevitably increase the porosity between work and private life and blur the line between public and private. Such an extensive intrusion into privacy calls for enhanced institutional efforts to protect workers from the surveillance overreach of the new digital devices.
10
Savić, Dragan, and Mladen Veinović. "Challenges of General Data Protection Regulation (GDPR)." In Sinteza 2018. Singidunum University, 2018. http://dx.doi.org/10.15308/sinteza-2018-23-30.
Full textReports on the topic "EU General Data Protection Regulation (GDPR)"
1
Kira, Beatriz, Rutendo Tavengerwei, and Valary Mumbo. Points à examiner à l'approche des négociations de Phase II de la ZLECAf: enjeux de la politique commerciale numérique dans quatre pays d'Afrique subsaharienne. Digital Pathways at Oxford, 2022. http://dx.doi.org/10.35489/bsg-dp-wp_2022/01.
Full textAbstract:
Realities such as the COVID-19 pandemic have expedited the move to online operations, highlighting the undeniable fact that the world is continuing to go digital. This emphasises the need for policymakers to regulate in a manner that allows them to harness digital trade benefits while also avoiding associated risk. However, given that digital trade remains unco-ordinated globally, with countries adopting different approaches to policy issues, national regulatory divergence on the matter continues, placing limits on the benefits that countries can obtain from digital trade. Given these disparities, ahead of the African Continental Free Trade Area (AfCFTA) Phase II Negotiations, African countries have been considering the best way to harmonise regulations on issues related to digital trade. To do this effectively, AfCFTA members need to identify where divergencies exist in their domestic regulatory systems. This will allow AfCFTA members to determine where harmonisation is possible, as well as what is needed to achieve such harmonisation. This report analyses the domestic regulations and policies of four focus countries – South Africa, Nigeria, Kenya and Senegal – comparing their regulatory approaches to five policy issues: i) regulation of online transactions; ii) cross-border data flows, data localisation, and personal data protection; iii) access to source code and technology transfer; iv) intermediary liability; and v) customs duties on electronic transmissions. The study highlights where divergencies exist in adopted approaches, indicating the need for the four countries – and AfCFTA members in general – to carefully consider the implications of the divergences, and determine where it is possible and beneficial to harmonise approaches. This was intended to encourage AfCFTA member states to take ownership of these issues and reflect on the reforms needed. As seen in Table 1 below, the study shows that the four countries diverge on most of the five policy issues. There are differences in how all four countries regulate online transactions – that is, e-signatures and online consumer protection. Nigeria was the only country out of the four to recognise all types of e-signatures as legally equivalent. Kenya and Senegal only recognise specific e-signatures, which are either issued or validated by a recognised institution, while South Africa adopts a mixed approach, where it recognises all e-signatures as legally valid, but provides higher evidentiary weight to certain types of e-signatures. Only South Africa and Senegal have specific regulations relating to online consumer protection, while Nigeria and Kenya do not have any clear rules. With regards to cross border data flows, data localisation, and personal data protection, the study shows that all four focus countries have regulations that consist of elements borrowed from the European Union (EU) General Data Protection Regulation (GDPR). In particular, this was regarding the need for the data subject's consent, and also the adequacy requirement. Interestingly, the study also shows that South Africa, Kenya and Nigeria also adopt data localisation measures, although at different levels of strictness. South Africa’s data localisation laws are mostly imposed on data that is considered critical – which is then required to be processed within South African borders – while Nigeria requires all data to be processed and stored locally, using local servers. Kenya imposes data localisation measures that are mostly linked to its priority for data privacy. Out of the four focus countries, Senegal is the only country that does not impose any data localisation laws. Although the study shows that all four countries share a position on customs duties on electronic transmissions, it is also interesting to note that none of the four countries currently have domestic regulations or policies on the subject. The report concludes by highlighting that, as the AfCFTA Phase II Negotiations aim to arrive at harmonisation and to improve intra-African trade and international trade, AfCFTA members should reflect on their national policies and domestic regulations to determine where harmonisation is needed, and whether AfCFTA is the right platform for achieving this efficiently.
2
Whitworth, Gillian, Jeni Tennison, Peter Wells, et al. The EU General Data Protection Regulation: opportunities for grocery retail. Open Data Institute, 2017. http://dx.doi.org/10.61557/zgid8338.
Full text
3
Minero Alejandre, Gemma. Ownership of Databases: Personal Data Protection and Intellectual Property Rights on Databases. Universitätsbibliothek J. C. Senckenberg, Frankfurt am Main, 2021. http://dx.doi.org/10.21248/gups.64578.
Full textAbstract:
When we think on initiatives on access to and reuse of data, we must consider both the European Intellectual Property Law and the General Data Protection Regulation (GDPR). The first one provides a special intellectual property (IP) right – the sui generis right – for those makers that made a substantial investment when creating the database, whether it contains personal or non-personal data. That substantial investment can be made by just one person, but, in many cases, it is the result of the activities of many people and/or some undertakings processing and aggregating data. In the modern digital economy, data are being dubbed the ‘new oil’ and the sui generis right might be con- sidered a right to control any access to the database, thus having an undeniable relevance. Besides, there are still important inconsistences between IP Law and the GDPR, which must be removed by the European legislator. The genuine and free consent of the data subject for the use of his/her data must remain the first step of the legal analysis.
4
de Miguel Beriain, Iñigo, Aliuska Duardo Sánchez, and José Antonio Castillo Parrilla. What Can We Do with the Data of Deceased People? A Normative Proposal. Universitätsbibliothek J. C. Senckenberg, Frankfurt am Main, 2021. http://dx.doi.org/10.21248/gups.64580.
Full textAbstract:
The health and genetic data of deceased people are a particularly important asset in the field of biomedical research. However, in practice, using them is compli- cated, as the legal framework that should regulate their use has not been fully developed yet. The General Data Protection Regulation (GDPR) is not applicable to such data and the Member States have not been able to agree on an alternative regulation. Recently, normative models have been proposed in an attempt to face this issue. The most well- known of these is posthumous medical data donation (PMDD). This proposal supports an opt-in donation system of health data for research purposes. In this article, we argue that PMDD is not a useful model for addressing the issue at hand, as it does not consider that some of these data (the genetic data) may be the personal data of the living relatives of the deceased. Furthermore, we find the reasons supporting an opt-in model less convincing than those that vouch for alternative systems. Indeed, we propose a normative framework that is based on the opt-out system for non-personal data combined with the application of the GDPR to the relatives’ personal data.