To see the other types of publications on this topic, follow the link: EU General Data Protection Regulation (GDPR).
Journal articles on the topic 'EU General Data Protection Regulation (GDPR)'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'EU General Data Protection Regulation (GDPR).'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Bhaimia, Sahar. "The General Data Protection Regulation: the Next Generation of EU Data Protection." Legal Information Management 18, no. 1 (2018): 21–28. http://dx.doi.org/10.1017/s1472669618000051.
Full textAbstract:
AbstractThis article, written by Sahar Bhaimia, presents an overview of the General Data Protection Regulation (EU) (2016/679) (GDPR) which will apply automatically across the EU on 25 May 2018. The GDPR is an update and reform of existing EU data protection law, first established by the Data Protection Directive (1995/46/EC). The article is for knowledge managers and information services professionals who may be asked to take on responsibility for GDPR, and focuses on the UK. It covers the fundamentals of EU data protection law, highlights key changes brought about by the GDPR, and provides practical tips and suggestions for knowledge managers.
2
Editorial, Team IndraStra Global. "Understanding the DNA of EU's GDPR." IndraStra Global 004, no. 04 (2018): 0021. https://doi.org/10.5281/zenodo.1221358.
Full textAbstract:
On May 25, 2018, a new data protection regulation touted as <strong>General Data Protection Regulation (GDPR), Regulation (European Union - EU) 2016/689</strong>, will come into force in the European Union (EU) and its 28 Member States. It will replace the <strong>1995 EU Data Protection Directive 95/46/EC</strong>. The GDPR will have a significant impact in protecting the data and digital footprint of users of apps and another digital platform. It will provide significant new data privacy protections for individuals residing in EU states.
3
Kuner, Christopher. "Protecting EU data outside EU borders under the GDPR." Common Market Law Review 60, Issue 1 (2023): 77–106. http://dx.doi.org/10.54648/cola2023004.
Full textAbstract:
The EU General Data Protection Regulation (GDPR) aims to protect personal data outside EU borders by its rules on territorial scope and its restrictions on international data transfers. Despite its importance in EU fundamental rights law, the purpose and interaction of the GDPR’s protections of cross-border data processing have long been shrouded in confusion. Initiatives of EU bodies to interpret the GDPR’s safeguards illustrate the need for EU law to demonstrate clarity and consistency in defending fundamental rights outside EU borders. Only by maintaining the high level of protection required by the GDPR and the Court of Justice, can the EU’s ambitions of cross-border data protection be realized and the GDPR’s influence in third countries be maintained. data protection, GDPR, territorial scope, international data transfers, Court of Justice, European Commission, European Data Protection Board
4
Simbolon, Valentina Ancillia, and Vishnu Juwono. "Comparative Review of Personal Data Protection Policy in Indonesia and The European Union General Data Protection Regulation." Publik (Jurnal Ilmu Administrasi) 11, no. 2 (2022): 178. http://dx.doi.org/10.31314/pjia.11.2.178-190.2022.
Full textAbstract:
Data leakage is one of the high potentials for criminal acts in cyberspace. The Indonesian government passed the Personal Data Protection Act (UU PDP) to ensure the security of every citizen's personal data. This study aims to compare the policies of the Personal Data Protection Act with the European Union General Data Protection Regulations (EU-GDPR). This study uses a qualitative descriptive analysis method with data from previous studies and official releases from the Indonesian government and the European Union. The results of this study illustrate that the PDP Law and the EU-GDPR have the same arrangements regarding the rights of personal data subjects. In the data processing aspect, the principle of processing personal data in the PDP Law is not mandatory. In contrast, in the EU-GDPR, the principle of processing personal data is mandatory. In the aspect of controlling and processing personal data, both rights and responsibilities are almost the same, both for the PDP Law and the EU-GDPR. In the aspect of imposing sanctions, EU-GDPR is more apparent in the mechanism of imposing sanctions in the form of fines. While in the PDP Law, sanctions consist of administrative sanctions, criminal sanctions, and criminal fines, the mechanism of imposing sanctions is not yet clear.
5
Cvik, Eva Daniela, Radka MacGregor Pelikánová, and Michal Malý. "Selected Issues from the Dark Side of the General Data Protection Regulation." Review of Economic Perspectives 18, no. 4 (2018): 387–407. http://dx.doi.org/10.2478/revecp-2018-0020.
Full textAbstract:
Abstract The Regulation (EU) 2016/679 on the protection of personal data (GDPR) was enacted in 2016 and applies from 25thMay 2018 in the entire EU. The GDPR is a product of an ambitious reform and represents a direct penetration of the EU law into the legal systems of the EU member states. The EU works on the enhancement of awareness about the GDPR and points out its bright side. However, the GDPR has its dark side as well, which will inevitably have a negative impact. Hence, the goal of this paper is twofold - (i) to scientifically identify, forecast, and analyze selected problematic aspects of the GDPR and its implementation, in particular for Czech municipalities, and (ii) to propose recommendations about how to reduce, or even avoid, their negative impacts. These theoretic analyses are projected to a Czech case study focusing on municipalities, which offers fresh primary data and allows a further refining of the proposed recommendations. An integral part of the performed analyses is also a theoretic forecast of expenses linked to the GDPR, which municipalities will have to include in their mandatory expenses and mid-term prognostic expectations regarding the impact on the budgets of these municipalities from Central Bohemia. The GDPR, like Charon, is at the crossing, the capacity and knowledge regarding its application is critical for operating in the EU in 2018. It is time both to admit that the GDPR has its dark side and to present real and practical recommendations about how to mitigate it.
6
Kuner, Christopher. "International Organizations and the EU General Data Protection Regulation." International Organizations Law Review 16, no. 1 (2019): 158–91. http://dx.doi.org/10.1163/15723747-2019008.
Full textAbstract:
The importance of personal data processing for international organizations (‘IOs’) demonstrates the need for them to implement data protection in their work. The EU General Data Protection Regulation (‘GDPR’) will be influential around the world, and will impact IOs as well. Its application to them should be determined under relevant principles of EU law and public international law, and it should be interpreted consistently with the international obligations of the EU and its Member States. However, IOs should implement data protection measures regardless of whether the GDPR applies to them in a legal sense. There is a need for EU law and international law to take each other better into account, so that IOs can enjoy their privileges and immunities also with regard to EU law and avoid conflicts with international law, while still providing a high level of data protection in their operations.
7
Hendrie, Melissa. "Brexit: Is This the End for the General Data Protection Regulation?" Business Law Review 37, Issue 5 (2016): 173–74. http://dx.doi.org/10.54648/bula2016032.
Full textAbstract:
The confirmed exit of the United Kingdom from the European Union (EU) coincides with significant reform of European data protection law. Such reform will arise through the European General Data Protection Regulation (GDPR) which is on course for direct enforcement in all EU Member States as of May 2018. Separation negotiations must be endured before finalization of an EU-UK divorce, the product of which will determine the role of GDPR in Britain’s future.
8
Ryngaert, Cedric, and Mistale Taylor. "The GDPR as Global Data Protection Regulation?" AJIL Unbound 114 (2020): 5–9. http://dx.doi.org/10.1017/aju.2019.80.
Full textAbstract:
The deterritorialization of the Internet and international communications technology has given rise to acute jurisdictional questions regarding who may regulate online activities. In the absence of a global regulator, states act unilaterally, applying their own laws to transborder activities. The EU's “extraterritorial” application of its data protection legislation—initially the Data Protection Directive (DPD) and, since 2018, the General Data Protection Regulation (GDPR)—is a case in point. The GDPR applies to “the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services . . . to such data subjects in the Union; or (b) the monitoring of their behaviour . . . within the Union.” It also conditions data transfers outside the EU on third states having adequate (meaning essentially equivalent) data protection standards. This essay outlines forms of extraterritoriality evident in EU data protection law, which could be legitimized by certain fundamental rights obligations. It then looks at how the EU balances data protection with third states’ countervailing interests. This approach can involve burdens not only for third states or corporations, but also for the EU political branches themselves. EU law viewed through the lens of public international law shows how local regulation is going global, despite its goal of protecting only EU data subjects.
9
Kim, Hansol. "Legislative Harmonization of Brazilian Data Protection Law with EU GDPR: A Comparative Study on the EU GDPR and Brazil's LGPD." Center for Legislative Studies, Gyeongin National University of Education 2 (December 31, 2022): 105–42. http://dx.doi.org/10.58555/li.2022.2.105.
Full textAbstract:
Recently, major countries and international organizations, including the European Union, are reforming their personal data protection system, which is understood to seek the reasonable balance between the protection of personal information and communication technologies that have developed rapidly over the past three decades. The General Data Protection Regulation (GDPR), enacted by the EU in May 2016, is the world's most powerful privacy system now, and since the GDPR was enacted, EU trade partners have been actively striving to align their own data protection legislations with the GDPR by adopting and amending theirs to meet the global data protection standards. Brazil, as Latin America's economic giant, has also spent a long time finding the balance point between creating economic profits and protecting human rights under the pressure of mediating the conflicting values of using and protecting personal information. As a result of the conflict, the Brazilian General Data Protection Regulation(LGPD), affected by the EU GDPR, was passed on August 15, 2018 after eight years of discussion. This study began with questions about how specific the Brazilian LGPD was influenced by the European GDPR and how these two legislations were harmonized in the global society. We examined the system and status of Brazil's personal information legislation, as well as the legislative progress of the new legislation, and went on to conduct comparative legal reviews of the two legislations to find out the similarities and differences between them. Furthermore, we looked at the implications of Brazilian legislation for our legislation and sought compatibility between the value of privacy protection and the development of information technology.
10
Sirait, Yohanes Hermanto. "GENERAL DATA PROTECTION REGULATION (GDPR) DAN KEDAULATAN NEGARA NON-UNI EROPA." Gorontalo Law Review 2, no. 2 (2019): 60. http://dx.doi.org/10.32662/golrev.v2i2.704.
Full textAbstract:
Generally, the GDPR applies to data processing activities conducted by organisations established in the European Union (EU). But in certain activities, GDPR may also apply outside EU according to extra-teritorial principle. This principle has correlation to concept of sovereignty in international law. This article aims to examine whether a state must abide to GDPR when the requirement fulfiled or should the states use their sovereignty as a basis to deny it. This article is normative legal research. It focus on case-law, statutes and other legal source as primary and subsidiary source. The analysis is deductive by reasoning from more general to more specific. The result show that extra-teritorial principle under GDPR is in accordance to international law. The practice is common in the world in order to protect the citizen and national interest from any threat from abroad. The chance of overlapping between this principles with state’s sovereignty is hardly to occur as the principle only works when the interest of European citizen violated.
11
Hölbl, Marko, Boštjan Kežmah, and Marko Kompara. "Data Protection Heterogeneity in the European Union." Applied Sciences 11, no. 22 (2021): 10912. http://dx.doi.org/10.3390/app112210912.
Full textAbstract:
In light of digitalisation, we are witnessing an increased volume of collected data and data generation and exchange acceleration. Therefore, the European Union (EU) has introduced the General Data Protection Regulation (GDPR) as a new framework for data protection on the European level. However, GDPR allows the member states to change some parts of the regulation, and the member states can always build on top of the GDPR. An example is the collection of biometric data with electronic signatures. This paper aims to compare the legislation on data protection topics in the various EU member states. The findings show that the member states included in the study generally do not have many additional/specific laws (only in 29.4% of the cases). However, almost all have other/additional legislation to the GDPR on at least one topic. The most additional legislation is on the topics of video surveillance, biometry, genetic data and health data. We also introduce a dynamic map that allows for quick navigating between different information categories and comparisons of the EU member states at a glance.
12
Mazur, Marek. "SCOPE AND NATURE OF CHANGES IN PERSONAL DATA PROTECTION SYSTEMS OF PUBLIC INSTITUTIONS IN THE LIGHT OF THE PROVISIONS OF THE GDPR (GENERAL DATA PROTECTION REGULATION)." Kultura Bezpieczeństwa. Nauka – Praktyka - Refleksje 31, no. 31 (2018): 169–86. http://dx.doi.org/10.5604/01.3001.0012.8602.
Full textAbstract:
The EU GDPR Regulation introduced rules and regulations on the protection of individuals with regard to the processing of their personal data regardless of their citizenship or place of residence. The article focuses on issues related directly to the regulation on the protection of personal data and related to documents that regulate the protection of personal data and their processing in public institutions in Poland. The author presents basic estimates about the entry of the GDPR Regulation, indicates the importance of individual Dobies/organisations and entities playing a key role in the protection of personal data on the territory of Poland. It describes the documents that establish minimum standards for personal data protection systems to be developed in public institutions to guarantee security. In this article, the author attempted to indicate the scope and nature of changes in personal data systems in the light of the provisions of the GDPR Regulation.
13
Alhababi, Hamad Hamed. "Cross-Border Data Transfer between the gcc Data Protection Laws and the gdpr." Global Journal of Comparative Law 13, no. 2 (2024): 178–200. http://dx.doi.org/10.1163/2211906x-13020003.
Full textAbstract:
Abstract This article explores the procedures related to data protection laws in the Gulf Cooperation Council States (gcc) and the European Union (EU) regarding the General Data Protection Regulation (gdpr). It draws conclusions about the rules governing the transfer of personal information outside of a country. Transfers of personal data to foreign countries or international organizations are discussed, specifically, transfers based on an ‘adequacy’ judgment, or transfers subject to suitable protections. The article also highlights the primary modifications made to safeguard the outbound transmission of personal information in the EU and the gcc states. The article shows that the gcc nations are concerned about protecting citizens and residents’ personal information and that there is room for development in the legislative process regarding the improvement of personal data protection regulations.
14
Rosentau, Mario. "The General Data Protection Regulation and its Violation of EU Treaties." Juridica International 27 (September 30, 2018): 36–40. http://dx.doi.org/10.12697/ji.2018.27.03.
Full textAbstract:
While the EU General Data Protection Regulation, which entered force on 25 May, is generally good and necessary in its vigorous protection of the fundamental rights of self‑determination and identity of European people, the article identifies a core issue that has gone unnoticed: the GDPR violates EU treaties. It is, at base, a ‘European law’, yet European laws are banned under the TEU and TFEU. The article examines the background for this conflict. The ambitious plan for ratification of 2003’s draft treaty establishing a constitution for Europe fell at the first hurdle in 2005. The draft Constitution envisaged a legislative innovation: the European law and European framework law, directly applicable in the Member States and superior to them. These legal instruments, envisaged as replacing EU regulations, could readily be cited as a major federalist pillar of the draft. Yet there would be no European laws – they were rejected with the draft constitution in the 2005 referenda, and the current treaties do not foresee any law-like European legislation. The author outlines the GDPR’s nature as a European law thus: the regulation 1) potentially concerns all residents of Europe, albeit by adding to the rights of individuals and protecting their freedoms; 2) addresses virtually all legal entities and undertakings acting, physically or through a network, in the European judicial area; 3) addresses the Member States and the EU itself; 4) and has cross-border applicability and covers the whole EU. Furthermore, its reach extends to service providers outside the EU if their service targets EU data subjects. There are substantial impacts on subjects on whom obligations are substantial. Hence, the author concludes that the GDPR’s scope, depth, and impacts exceed all the limits that the EU treaties permit for regulations. Furthermore, the treaties do not even know the term ‘general regulation’. Since the GDPR possesses the characteristics of a ‘European law’ – and even is ‘seamlessly’ positioned in a place reserved by the draft EU Constitution for the ‘European law on data protection’ – while such laws have been rejected, a key issue is highlighted: how deep an EU-level political integration and relinquishment of the individual European nations’ sovereignty do the Member States actually want? For instance, most analyses of the causes of Brexit cite loss of sovereignty of the UK as one of the main factors in the decision. The author concludes that, since the GDPR is with us to stay, amendment of the EU treaties can no longer be avoided. Noble objectives cannot justify infringements of the present ‘European Constitution’ and the constitutions of the Member States.
15
Kneuper, Ralf. "Data Protection in the EU and its Implications on Software Development outside the EU." Journal of Institute of Science and Technology 24, no. 1 (2019): 1–5. http://dx.doi.org/10.3126/jist.v24i1.24620.
Full textAbstract:
In May 2018, the General Data Protection Regulation (GDPR 2016) came into effect in the European Union (EU), defining requirements on how to handle personal data of EU citizens. This report discusses the effects of this regulation on software development organisations outside the EU, and summaries the software requirements that result from GDPR and therefore apply to most information technology (IT) systems that will handle data of individuals based in the EU.
16
Bin Othman, Mohd Bahrin, and Muhammad Faiz Bin Abu Samah. "The Magnitude of GDPR To Malaysia." Malaysian Journal of Social Sciences and Humanities (MJSSH) 7, no. 9 (2022): e001776. http://dx.doi.org/10.47405/mjssh.v7i9.1776.
Full textAbstract:
The European Union (“EU”) General Data Protection Regulation (“GDPR”) governs any individuals or companies that stores or processes personal information about EU citizens within EU states even if it does not involve a business presence within the EU. Malaysian businesses need to comply with the GDPR as failure to comply will cause disruption or discontinuance of business. This paper aims to understand and evaluate the scope of the GDPR and its effect on personal data protection in Malaysia. It employs a doctrinal qualitative approach by examining the GDPR and the Malaysia Personal Data Protection Act 2010. This paper suggests that the GDPR provides a more comprehensive law with its holistic principles and rights which may provide lessons for Malaysia in protecting personal data as the area covered by the GDPR is broader specifically the non-commercial transactions, its wider range of rights and the extraterritorial applicability.
17
Voinea, Dan Valeriu. "GDPR RULES AND EXCEPTIONS FOR JOURNALISTS." Annals of the University of Craiova for Journalism, Communication and Management 7, no. 1 (2025): 109–14. https://doi.org/10.5281/zenodo.15249208.
Full textAbstract:
This paper examines the impact of the General Data Protection Regulation (GDPR) on journalistic practices and freedom of expression. Implemented in 2018, the GDPR aims to enhance personal data protection while recognizing the need to balance these protections with freedom of expression. The study focuses on key GDPR provisions relevant to journalism, particularly Article 85, which requires Member States to reconcile data protection rights with freedom of expression. It explores the varying implementations of these provisions across EU Member States and discusses the challenges posed by the GDPR to journalistic practices, including issues related to the right to erasure and data protection in investigative reporting. The paper also considers the GDPR's global influence on data protection standards. While the GDPR has set new benchmarks for data protection, its interaction with journalistic activities remains complex and evolving. The research concludes by identifying areas for further investigation, including comparative analyses of national implementations and the long-term impact of GDPR on press freedom.
18
Martin, Nicholas, Christian Matt, Crispin Niebel, and Knut Blind. "How Data Protection Regulation Affects Startup Innovation." Information Systems Frontiers 21, no. 6 (2019): 1307–24. http://dx.doi.org/10.1007/s10796-019-09974-2.
Full textAbstract:
AbstractWhile many data-driven businesses have seen rapid growth in recent years, their business development might be highly contingent upon data protection regulation. While it is often claimed that stricter regulation penalizes firms, there is only scarce empirical evidence for this. We therefore study how data protection regulation affects startup innovation, exploring this question during the ongoing introduction of the EU General Data Protection Regulation (GDPR). Our results show that the effects of data protection regulation on startup innovation are complex: it simultaneously stimulates and constrains innovation. We identify six distinct firm responses to the effects of the GDPR; three that stimulate innovation, and three that constrain it. We furthermore identify two key stipulations in the GDPR that account for the most important innovation constraints. Implications and potential policy responses are discussed.
19
Md. Toriqul Islam and Mohammad Ershadul Karim. "EXTRATERRITORIAL APPLICATION OF THE EU GENERAL DATA PROTECTION REGULATION: AN INTERNATIONAL LAW PERSPECTIVE." IIUM Law Journal 28, no. 2 (2021): 531–65. http://dx.doi.org/10.31436/iiumlj.v28i2.495.
Full textAbstract:
The General Data Protection Regulation (the GDPR) of the European Union (EU) emerges as a hot-button issue in contemporary global politics, policies, and business. Based on an omnibus legal substance, extensive extraterritorial scope and influential market powers, it appears as a standard for global data protection regulations as can be witnessed by the growing tendency of adopting, or adjusting relevant national laws following the instrument across the globe. Under Article 3, of the GDPR applies against any data controller or processor within and outside the EU, who process the personal data of EU residents. Therefore, the long arm of the GDPR is extended to cover the whole world, including Malaysia. This gives rise to tension worldwide, as non-compliance thereof leads to severe fines of up to €20 million or 4% of annual turnover. This is not a hypothetical possibility, rather a reality, as a huge amount of fines are already imposed on many foreign companies, such as Google, Facebook, Uber, and Equifax to name a few. Such a scenario, due to the existence of state sovereignty principles under international law, has made the researchers around the world curious about some questions, why does the EU adopt an instrument having the extraterritorial application; whether the extraterritorial scope is legitimate under normative international law; how the provisions of this instrument can be enforced, and how these are justified. This article attempts to search for answers to those questions by analyzing the relevant rules and norms of international law and the techniques of the EU employed. The article concludes with the findings that the extraterritorial scope of the GDPR is justified under international law in a changed global context. The findings of this article will enlighten the relevant stakeholders, including Malaysian policymakers and business entities, to realise the theoretical aspects of inclusion of the extraterritorial feature of the GDPR, and this understanding may facilitate them to map their future strategies.
20
Revenco, Tatiana, and Gregory Collet. "Overview of the European General Data Protection Regulation (GDPR) impact on medical writing for clinical trials." Medical Writing 32, no. 1 (2023): 76–81. http://dx.doi.org/10.56012/ivhe5802.
Full textAbstract:
The European General Data Protection Regulation 2016/ 679 (GDPR) aims to ensure the security and privacy of individuals in the European Union (EU). Companies located within and outside of the EU must comply with GDPR when processing personal data of EU citizens. Medical writing includes the development of documents related to clinical research. To develop those documents, medical writers have access to personal data, including health information considered as sensitive data. Therefore, medical writing falls within the purview of GDPR and must comply with its requirements. This article is an overview of the impact of GDPR on medical writing including security measures such as anonymisation, pseudonymisation, and data minimisation techniques. It also provides an overview of the technical and organisational actions in the framework of medical writing to guarantee respect of data subjects’ rights and freedoms.
21
Brown, Rafael, Jon Truby, and Imad Antoine Ibrahim. "Mending Lacunas in the EU’s GDPR and Proposed Artificial Intelligence Regulation." European Studies 9, no. 1 (2022): 61–90. http://dx.doi.org/10.2478/eustu-2022-0003.
Full textAbstract:
Summary The European Union (EU) is leading in the regulation of data privacy and artificial intelligence through the General Data Protection Regulation (GDPR), the proposed European Commission (EC) regulation, and the proposed European Parliament (EP) regulations concerning Artificial Intelligence (AI). The EU also regulates AI through ethical aspects and Intellectual Property Rights as well as the Council of Europe’s conclusions concerning the use of sandboxes regulations and experimentation clauses. This article highlights the EU’s missed opportunities to create synergies between the GDPR and the proposed AI regulations, given that in several instances they deal with issues that must be regulated from an AI perspective, while simultaneously ensuring data protection of EU citizens. In particular, the EU’s ad hoc approach to AI regulation creates lacunas because of its failure to fully integrate the essential components of AI data and algorithm within a regulatory framework.
22
Seun Solomon Bakare, Adekunle Oyeyemi Adeniyi, Chidiogo Uzoamaka Akpuokwe, and Nkechi Emmanuella Eneh. "DATA PRIVACY LAWS AND COMPLIANCE: A COMPARATIVE REVIEW OF THE EU GDPR AND USA REGULATIONS." Computer Science & IT Research Journal 5, no. 3 (2024): 528–43. http://dx.doi.org/10.51594/csitrj.v5i3.859.
Full textAbstract:
This Review provides an overview of the comparative review of data privacy laws and compliance, focusing on the European Union's General Data Protection Regulation (EU GDPR) and data protection regulations in the United States. The analysis explores key similarities and differences, emphasizing their implications for businesses and individuals. The EU GDPR, implemented in 2018, stands as a landmark regulation governing data protection and privacy for individuals within the European Union and the European Economic Area. In contrast, the United States lacks a comprehensive federal data privacy law. Instead, it relies on a patchwork of sector-specific laws and state regulations, such as the California Consumer Privacy Act (CCPA) and the Health Insurance Portability and Accountability Act (HIPAA). One major distinction lies in the overarching principles of these regulations. The EU GDPR adopts a comprehensive and rights-based approach, emphasizing individual rights to privacy, data portability, and the "right to be forgotten." In contrast, the U.S. system often focuses on specific industries or types of data, leading to a more fragmented regulatory landscape. Both regulatory frameworks incorporate principles of transparency, consent, and data breach notification. However, differences in enforcement mechanisms and penalties exist. The EU GDPR imposes significant fines for non-compliance, reaching up to 4% of a company's global annual revenue. In the U.S., penalties vary by state, and enforcement is often reactive, triggered by data breaches. Businesses operating globally must navigate these distinct regulatory landscapes, necessitating a nuanced approach to data privacy compliance. Multinational corporations must adhere to the more stringent requirements when handling EU citizens' data while also considering the diverse regulations within the U.S. This review underscores the ongoing evolution of data privacy laws worldwide and the critical importance for organizations to stay abreast of these developments. It emphasizes the need for a proactive and adaptive approach to data privacy compliance, taking into account the unique requirements and expectations of both the EU GDPR and U.S. regulations.
 Keywords: Data Privacy, Laws, Compliance, EU GDPR, Regulations.
23
Ammar, Younas, and Tohir ogli Mirzaraimov Bakhodir. "To What Extent are Consumers Harmed in the Digital Market from the Perspective of the GDPR?" International Journal of Multidisciplinary Research and Analysis 04, no. 08 (2021): 1187–92. https://doi.org/10.47191/ijmra/v4-i8-17.
Full textAbstract:
The European Union has recently enacted a new law, the General Data Protection Regulation (GDPR),1 which is designed to strengthen existing data protection legislation in the EU. The selection of Regulation itself as a legal instrument makes the GDPR stronger than Directive as it ensures a uniform and consistent implementation of rules thereby, consolidating the EU digital single market. The GDPR reforms existing data protection policy by imposing more stringent obligations on not only data controllers but also on data processors relating to obtaining a valid consent,2 ensuring transparency of automated decision making3 and security of data processing,4 and by providing new rights for data subjects. Data subjects are entitled to withdraw their consent,5 request their data to be transferred to another data controller6 or to be deleted.7 Also, the GDPR includes certain principles aimed at regulating its cross border transfers of the EU citizens’ personal data to ensure a high level of protection outside the EU.8 Taking into account the above mentioned policies along with others, some scholars describe the GDPR as ‘the most consequential regulatory development in information policy in generation’ that has teeth.9 However, the GDPR cannot be claimed as a legal instrument that effectively deals with all threats of the digital market to consumers. This paper argues that although the GDPR has considerably expanded the rights of consumers thereby, enabling them to regain control over their personal data to certain extent, the effectiveness of its principles is limited and cannot ensure full security of data processing. Firstly, it examines the effectiveness of consent principle of the GDPR in empowering consumers to control over their data and make a genuine choice. Secondly, it analyzes “data control-rights” of consumers. Finally, it comprehensively discusses extraterritorial application of the GDPR and regulation of international transfers of data.
24
Raković, Radoslav. "Personal data protection: Actual status and challenges." Tehnika 77, no. 5 (2022): 501–8. http://dx.doi.org/10.5937/tehnika2204501r.
Full textAbstract:
Fundamental information security management standard ISO 27001 declares need for protecting basic features of information - confidentiality, integrity and availability - and defines 114 controls oriented to technical, organizational and combined actions that should enable it. Particular issue represents personal data protection that is subject of particular General Data protection Regulation (GDPR) has been appplied in EU from 25.05.2018. and paricular Law on personal data protection of Republic of Serbia has been applied from 22.08.2019. After brief review of the GDPR and the subject law, actual status of personal data protection in Serbia are considered, as well as challenges we will face in the future in this area.
25
Gilbert, Chris, and Mercy Abiola Gilbert. "Impact of General Data Protection Regulation (GDPR) on Data Breach Response Strategies (DBRS)." International Journal of Research and Innovation in Social Science IX, no. XIV (2025): 760–84. https://doi.org/10.47772/ijriss.2025.914mg0061.
Full textAbstract:
In today’s digital landscape, data breaches have emerged as a significant threat, endangering both organizations and individuals by exposing sensitive information. The introduction of the General Data Protection Regulation (GDPR) by the European Union in May 2018 has profoundly reshaped global data privacy standards. This regulation not only enforces strict data protection measures within the EU but also extends its reach to organizations worldwide, compelling them to enhance their data breach response strategies. This paper examines the substantial impact of GDPR on how organizations manage data breaches, emphasizing the necessity for proactive measures and well-structured response protocols. By analyzing key provisions of GDPR, particularly the mandatory breach notifications outlined in the surveyed literature, the study underscores the critical role of Data Protection Officers (DPOs) and the importance of collaboration between data controllers and processors. Through case studies across diverse sectors—including aviation, hospitality, healthcare, and finance—the paper illustrates the varied implications of GDPR compliance and the severe consequences of non-compliance. The findings reveal that while GDPR introduces significant compliance challenges, it also fosters a culture of enhanced data security and trust. Organizations are encouraged to adopt advanced technical measures such as encryption and intrusion detection systems, conduct regular security audits, and engage in continuous employee training to mitigate risks and ensure compliance. Ultimately, this paper demonstrates that effective GDPR compliance not only minimizes the risks associated with data breaches but also provides organizations with a competitive advantage in the increasingly data-driven global economy.
26
He, Zhi Le, Dao Li Huang, and Yun Ting Lei. "The Background and the International and Domestic Impact of 'General Data Protection Regulation'." Applied Mechanics and Materials 599-601 (August 2014): 2173–77. http://dx.doi.org/10.4028/www.scientific.net/amm.599-601.2173.
Full textAbstract:
With the development of globalization and new technology, it is difficult for the existing data protection framework of EU to adapt to the new challenges inbig data era. The European Commission sought to establish new legal framework to deal with challenges actively, so“General Data Protection Regulation“£ ̈GDPR£©was enacted in November2012. Analysis of GDPR background andthe overview of its impact to the world and Chinaare significant for the dialysis of the development trend of the contemporary data protection and the creation of a safe and reliable onlineenvironment.
27
Novović, Miloš. "Arbitrability of Data Protection Disputes: Personal Data, Personalized Justice?" European Review of Contract Law 19, no. 3 (2023): 215–38. http://dx.doi.org/10.1515/ercl-2023-2012.
Full textAbstract:
Abstract This article explores the interplay between international arbitration and data subject compensation claims under the General Data Protection Regulation (GDPR). The analysis focuses on the validity and enforcement of arbitration agreements and the resulting awards. The article argues that despite potential skepticism, arbitration can offer significant benefits to data subjects, and that compensation claims under the GDPR should be considered arbitrable under the New York Convention and CJEU case law. The article further argues that EU courts have a duty to refer disputes to arbitration, and that the mandatory provisions of EU law have limited means of interfering with this duty. Furthermore, it establishes that the misapplication of GDPR provisions does not automatically justify the denial of arbitral award recognition. The article argues that this is a natural extension of trust traditionally shown to arbitrators, and that such trust should not be easily cast aside.
28
Dewitte, Pierre. "A Brief History of Data Protection by Design." Technology and Regulation 2023 (September 13, 2024): 80–94. https://doi.org/10.71265/n27g6m54.
Full textAbstract:
Article 25(1) of the General Data Protection Regulation (“GDPR”) is the first provision that comes to mind when discussing data protection by design. Yet, the origins of that concept can be traced back to an idea that was already solidly established in the software engineering community before its adoption. Besides, the GDPR is not the first binding piece of legislation that incorporates such an obligation. This paper unravels the history of data protection by design by delving into its technical roots and outlining the national and EU initiatives that have preceded the GDPR. Such a retrospective provides the necessary background to understand the implications and scope of its current manifestation in the text of the Regulation.
29
Yakovleva, Svetlana, and Kristina Irion. "Toward Compatibility of the EU Trade Policy with the General Data Protection Regulation." AJIL Unbound 114 (2020): 10–14. http://dx.doi.org/10.1017/aju.2019.81.
Full textAbstract:
The European Union's (EU) negotiating position on cross-border data flows, which the EU has recently included in its proposal for the World Trade Organization (WTO) talks on e-commerce, not only enshrines the protection of privacy and personal data as fundamental rights, but also creates a broad exception for a Member's restrictions on cross-border transfers of personal data. This essay argues that maintaining such a strong position in trade negotiations is essential for the EU to preserve the internal compatibility of its legal system when it comes to the right to protection of personal data under the EU Charter of Fundamental Rights (EU Charter) and the recently adopted General Data Protection Regulation (GDPR).
30
Doulcet, Caroline. "Is the GDPR efficient in protecting EU citizens against the privacy risks raised by social media?" Journal of Data Protection & Privacy 7, no. 4 (2025): 331. https://doi.org/10.69554/xact2373.
Full textAbstract:
The General Data Protection Regulation (GDPR) was adopted for a noble cause: protecting European Union (EU) citizens’ privacy and the EU social model founded on the values of dignity, freedom, democracy, equality, the rule of law and respect for human rights. Thanks to the magnitude of its fines, the GDPR attracted much attention from media, companies and legislators far beyond the EU and greatly helped expand the protection of personal data worldwide. Seven years after coming into force, however, it appears that the GDPR has failed to stop social media from massively tracking EU citizens’ online activity, monetising their privacy and personal data, exploiting their vulnerabilities and manipulating them for commercial and political purposes. This paper aims to demonstrate that the GDPR failure is mainly due to: (1) an individualist approach to data protection; (2) the absence of any absolute prohibition; (3) the concept of lawfulness conceived as mere procedural exercise; (4) the tendency of the EU supervisory authorities and legislators to prioritise individual consent as the GDPR’s legal basis for online social media behavioural advertising activities, despite its inability to efficiently protect individuals’ and collective democratic rights and values; (5) insufficient use of the overarching fairness principle to draw red lines from the outset; and (6) inefficient EU data protection authorities’ enforcement strategy towards social media. The GDPR should be amended to adopt another paradigm focused on a risk-based approach that considers collective interests, such as the EU regulation on artificial intelligence (AI). Although the European Commission (EC) has not proposed any amendment to the GDPR following its reports on GDPR application in 2020 and 2024, it seems urgent to make these changes given the geopolitical context and the omnipotence of social media in the US. Moving away from an individualist vision of data protection will help put an end to the overreliance on consent for digital services and personalised online advertising. This paper is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
31
Freitas, Pedro Miguel. "The General Data Protection Regulation: an overview of the penalties’ provisions from a Portuguese standpoint." UNIO – EU Law Journal 4, no. 2 (2018): 99–104. http://dx.doi.org/10.21814/unio.4.2.10.
Full textAbstract:
The aim of this paper is to analyse the punitive regime foreseen in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). The administrative fines’ regime found in Article 83 of the GDPR and some of the questions it arises will be explored. We conclude that the Member States should adopt a critical stance when adapting their national legislation to the norms of the GDPR. The fundamental principles enshrined in national constitutions and supranational legal texts must be closely analysed and observed since the GDPR introduces a mandatory sanctions framework.
32
N. Tsiptse, Olga. "EU Data Protection Regulation and How It Affects Arbitration and ADR-ODR." Revista Brasileira de Alternative Dispute Resolution 3, no. 5 (2021): 195–202. http://dx.doi.org/10.52028/rbadr.v3i5.9.
Full textAbstract:
On May 2018 a European Regulation, with direct force to all European Members, was in action. The General Data Protection Regulation, EU2016/679. A severe Regulation that was published in 2016 and set a 2-year period of time for all the Member States to be adjusted. This text, that implies huge fines for noncompliance, also affects the ADR mechanisms, like Arbitration, Mediation, etc. There is a paramount importance Principle of accountability, that GDPR implies, which requires data controllers to take personal responsibility for data protection compliance and record the measures they take to comply with their data protection obligations. Even almost 3 years have passed, the issues still remain: How is the interaction between ADR and GDPR? Which are the roles of the actors of alternative dispute resolution methods, and due to these roles which are the responsibilities? What is considered a lawful process, in accordance with GDPR, during the procedure of an ADR mechanism? It is also paramount to take into consideration, that the scope of that European Regulation affects directly even actors of non-EU territory, according to article 3.2 & 3 GDPR: 2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: - the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or – the monitoring of their behavior as far as their behavior takes place within the Union. 3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
33
Moniz, Graça Canto. "Finally: a coherent framework for the extraterritorial scope of EU data protection law - the end of the linguistic conundrum of Article 3(2) of the GDPR." UNIO – EU Law Journal 4, no. 2 (2018): 105–16. http://dx.doi.org/10.21814/unio.4.2.11.
Full textAbstract:
The extraterritorial scope of European Union’s (EU) data protection law has been a controversial issue since the adoption of Directive 95/46/EC. The General Data Protection Regulation (GDPR) partially restructures the terms of the extraterritorial reach of EU data protection law and introduces new elements to an old debate. This contribution seeks to address one of those elements, concerning a linguistic ambivalence found in Article 3 (2) of the GDPR, and stress the practical consequences that emerge from this conundrum.
34
Scholliers, Annelies, Dimitri De Fré, Inge D’haese, and Stefan Gogaert. "The Impact of the New European Union General Data Protection Regulation (GDPR) on Data Collection at Mass Gatherings." Prehospital and Disaster Medicine 34, s1 (2019): s138. http://dx.doi.org/10.1017/s1049023x19003042.
Full textAbstract:
Introduction:As of May 2018, a new European privacy law called the General Data Protection Regulation (GDPR) is in order. With this law, every organization operating in the European Union (EU), needs to adhere to a strict set of rules concerning collection and processing of personal data.Aim:To explore the consequences of the GDPR for data collection at mass gatherings in the European Union.Methods:Since the law was published on April 27, 2016, a thorough reading of the law was conducted by 4 persons with a background in mass gathering health. The GDPR consists of 99 articles organized into 11 chapters. There are also 173 recitals to further explain certain ambiguities. Key articles and recitals relating to healthcare and scientific research were identified. Possible pitfalls and opportunities for data collection and processing at mass gatherings were noted.Discussion:Under article 4, key definitions are noted. There is a clear definition of “data concerning health”. According to the GDPR, health data is a special category of personal data which should not be processed according to article 9(1). However, there is an exception for scientific research (article 9(2)(j)). There are a few safeguards in place, as laid out in article 89. One interesting point is that according to article 89(2), certain derogations can take place if the law interferes with scientific research. The GDPR has major consequences for data collection and processing in the EU. However, with the use of certain safeguards (e.g., pseudonymization) there are still ample opportunities for scientific research. It is important to review one’s method of data collection to make sure it complies with the GDPR.
35
Schwartz, Paul M. "The Data Privacy Law of Brexit: Theories of Preference Change." Theoretical Inquiries in Law 22, no. 2 (2021): 111–52. http://dx.doi.org/10.1515/til-2021-0019.
Full textAbstract:
Abstract Upon Brexit, the United Kingdom chose to follow the path of EU data protection and remain tied to the requirements of the General Data Protection Regulation (GDPR). It even enacted the GDPR into its domestic law. This Article evaluates five models relating to preference change, demonstrating how they identify different dimensions of Brexit while providing a rich explanation of why a legal system may or may not reject an established transnational legal order. While market forces and a “Brussels Effect” played the most significant role in the decision of the UK government to accept the GDPR, important nonmarket factors were also present in this choice. This Article’s models of preference change are also useful in thinking about the likely extent of the UK’s future divergence from EU data protection.
36
Aubakirova, Indira Uralovna, and Aizhan Amanbaykyzy Toleubek. "PROSPECTS FOR THE IMPLEMENTATION OF THE GENERAL DATA PROTECTION REGULATION (GDPR) REQUIREMENTS INTO THE LEGISLATION OF KAZAKHSTAN." Bulletin of the Institute of Legislation and Legal Information of the Republic of Kazakhstan 80, no. 1 (2025): 174–85. https://doi.org/10.52026/2788-5291_2025_80_1_174.
Full textAbstract:
The right to privacy is one of the fundamental human and civil rights. It is enshrined in international legal instruments and the Constitution of the Republic of Kazakhstan. In the modern era of digital technology development, issues related to the regulation and implementation of this right have gained particular relevance. This article examines the legal acts that establish personal data protection regulations in the European Union and explores the prospects for their implementation in Kazakhstani legislation, as well as the law enforcement practice in this area. The authors analyze the peculiarities of personal data collection, processing, and retention periods in Kazakhstan through the lens of GDPR requirements. A comparative analysis of the current situation regarding personal data protection in the legislation of the EU and Kazakhstan is conducted, based on which recommendations for improving legislative norms are proposed. The study identifies gaps in the legal regulation of personal data protection in both the EU and Kazakhstan. The authors determine that both GDPR requirements and the norms of Kazakhstan’s legislation on personal data protection lack explicit provisions regarding data retention periods. However, in the case of GDPR, there is established case law that compensates for legislative uncertainty, whereas for Kazakhstan's legal system, such a gap may lead to negative consequences. The analysis of personal data protection issues is based on real court cases. The authors emphasize that aligning Kazakhstan’s legislative framework with European regulatory practices could enhance the protection of Kazakhstani citizens in matters related to their right to privacy.
37
Olimid, Anca Parmena, and Daniel Alin Olimid. "Subjects' rights and data privacy: GDPR's impact on educational institutions." Journal of Contemporary Education Theory & Research 5, no. 1/2 (2023): 15–20. https://doi.org/10.5281/zenodo.7508169.
Full textAbstract:
<strong>Abstract</strong> <strong><em>Purpose: </em></strong><em>The study is designed to explore the compliance and implementation of the General Data Protection Regulation (GDPR) within educational institutions (EI).</em> <strong><em>Methods: </em></strong><em>A multi-faceted methodology of the GDPR research, including the conceptual and legal analysis, and the interpretative approach is used.</em> <strong><em>Results: </em></strong><em>The results of the analysis focus on the role of data protection and the privacy requirements in the European Union (EU)<strong> </strong>institutional governance aiming to enhance key aspects of educational outcomes.</em> <strong><em>Implications: </em></strong><em>The GDPR enables key provisions to protect subjects’ rights and foster data privacy focusing on the processing of personal data (PD) within the EI</em>.
38
Marovic, Branko, and Vasa Curcin. "Impact of the European General Data Protection Regulation (GDPR) on Health Data Management in a European Union Candidate Country: A Case Study of Serbia." JMIR Medical Informatics 8, no. 4 (2020): e14604. http://dx.doi.org/10.2196/14604.
Full textAbstract:
As of May 2018, all relevant institutions within member countries of the European Economic Area are required to comply with the European General Data Protection Regulation (GDPR) or face significant fines. This regulation has also had a notable effect on the European Union (EU) candidate countries, which are undergoing the process of harmonizing their legislature with the EU as part of the accession process. The Republic of Serbia is an example of such a candidate country, and its 2018 Personal Data Protection Act mirrors the majority of provisions in the GDPR. This paper presents the impact of the GDPR on health data management and Serbia’s capability to conduct international health data research projects. Data protection incidents reported in Serbia are explored to identify common underlying causes using a novel taxonomy of contributing factors across aspects and health system levels. The GDPR has an extraterritorial application for the non-EU data controllers who process the data of EU citizens and residents, which mainly affects private practices used by medical tourists from the EU, public health care institutions frequented by foreigners, as well as expatriates, dual citizens, tourists, and other visitors. Serbia generally does not have well-established procedures to support international research collaborations around its health data. For smaller projects, contractual arrangements can be made with health data providers and their ethics committees. Even then, organizations that have not previously participated in similar ventures may require approval or support from health authorities. Extensive studies that involve multisite data typically require the support of central health system institutions and relevant research data aggregators or electronic health record vendors. The lack of a framework for preparation, anonymization, and assurance of privacy preservation forces researchers to rely heavily on local expertise and support. Given the current limitation and potential issues with the legislation, it remains to be seen whether the move toward the GDPR will be beneficial for the Serbian health system, medical research, protection of personal data and privacy rights, and research capacity. Although significant progress has been made so far, a strategic approach is needed at the national level to address insufficient resources in the area of data protection and develop the personal data protection environment further. This will also require a targeted educational effort among health workers and decision makers, aiming to improve awareness and develop skills and knowledge necessary for the workforce.
39
Penasa, Simone, Iñigo de Miguel Beriain, Carla Barbosa, et al. "The EU General Data Protection Regulation: How will it impact the regulation of research biobanks? Setting the legal frame in the Mediterranean and Eastern European area." Medical Law International 18, no. 4 (2018): 241–55. http://dx.doi.org/10.1177/0968533218765044.
Full textAbstract:
On 25 May 2018, the EU General Data Protection Regulation (GDPR) will come into force. As with the Data Protection Directive (95/46/EC), the regulation of biobanks for scientific research will be profoundly affected by this reform. Accordingly, a comparative survey of some of the existing national regulatory frameworks is of value to aid understanding of whether and how EU Member States will need to realign their systems to ensure compliance with the new Regulation. This article provides a comparison of the positions of Member States in the Mediterranean and Eastern European area, focusing especially on the existing regulatory framework on biobanks, the definition of personal and genetic data, the pseudonymization process, the processing of personal data for medical research purposes (and its impact on the right to consent of the individuals involved) and the secondary use of such data. The article concludes that effective implementation of the EU GDPR will represent a decisive catalyst for adaptive harmonization of biobanks regulation in the European framework.
40
Kuner, Christopher. "The GDPR and International Organizations." AJIL Unbound 114 (2020): 15–19. http://dx.doi.org/10.1017/aju.2019.78.
Full textAbstract:
The entry into application of the EU General Data Protection Regulation (GDPR) on May 25, 2018 has raised questions about its impact on data processing by intergovernmental organizations that operate under public international law (referred to here as international organizations or IOs). EU data protection law can have impact beyond EU borders, and the global reach of EU law is a well-recognized phenomenon. The GDPR contains numerous references to IOs but does not state whether it applies to them, and this uncertainty has led to tensions between IOs and the European Commission. The issues surrounding IOs’ processing of personal data show how the GDPR can give rise to unexpected questions under public international law, and illustrate the need for greater engagement between EU law and international law.
41
Bratasyuk, Oksana. "Legal basis of personal data protection in Ukraine and Germany: organizational and managerial aspect." Visegrad Journal on Human Rights, no. 1 (December 29, 2023): 42–49. http://dx.doi.org/10.61345/1339-7915.2023.1.5.
Full textAbstract:
The author emphasizes that the European General Data Protection Regulation (GDPR) is effective. It applies directly to all member states of the European Union. However, there are exceptions where member states can also adopt their own rules for certain areas. German lawmakers have used these introductory provisions in the Federal Data Protection Act (BDSG) and adapted national data protection laws in accordance with the GDPR so that they can continue to exist.
 The system of federal data protection authorities in Germany is more complex than in other EU countries. In practice, this sometimes creates problems and indirectly becomes a competitive disadvantage for German companies. Although the introduction of the GDPR helped harmonize data protection rules across member states, regional differences still exist in Germany. Nevertheless, various instruments ensure better coordination between the data protection authorities of the individual federal states at the national level, as well as between the authorities in different EU member states at the European level, compared to the time before the GDPR came into force.
42
Flint, Jason. "Do Social Media Platforms Always Use Personal Data Lawfully?" Global Privacy Law Review 2, Issue 3 (2021): 212–18. http://dx.doi.org/10.54648/gplr2021026.
Full textAbstract:
The article considers the principal concerns posed by the increasing influence of social media and analyses the potential and actual legal bases relied upon by selected platforms for the processing of personal data. Special reference is made to the EU General Data Protection Regulation (Regulation (EU) 2016/679). The article concludes that the application of those legal bases may be questionable in certain situations and that platforms may struggle to achieve the transparency and proportionality required by applicable rules. Social Media, Data Protection, Legal Basis, GDPR
43
Eskhita, Radwan, and Evert Stamhuis. "The Influence of the Brussels Effect on the Interpretation of Data Protection Laws in the Gulf." Global Journal of Comparative Law 13, no. 2 (2024): 261–78. http://dx.doi.org/10.1163/2211906x-13020007.
Full textAbstract:
Abstract This article examines the diffusion effect of the General Data Protection Regulation (gdpr) beyond the European Union borders, particularly in the Gulf Cooperation Council (gcc) countries. The article explores how the Brussels Effect (as a concept and observation) can explain non-EU jurisdictions’ voluntary adoption of gdpr standards. This article seeks to develop a corpus of reasoning that could be used to determine when and to what extent the provisions in local data protection statutes need to be interpreted and applied in conformity with gdpr-related legal sources.
44
Mesarčík, Matúš. "Apply or not to apply?" Bratislava Law Review 4, no. 2 (2020): 81–94. http://dx.doi.org/10.46282/blr.2020.4.2.171.
Full textAbstract:
A new era of data protection laws arises after the adoption of the General Data Protection Regulation (GDPR) in the European Union. One of the newly adopted regulations of processing of personal data is Californian Consumer Privacy Act commonly referred to as CCPA. The article aims to fill the gap considering a deep analysis of the territorial scope of both acts and practical consequences of the application. The article starts with a brief overview of privacy regulation in the EU and USA. Introduction to GDPR and CCPA follows focusing on the territorial scope of respective legislation. Three scenarios of applicability are derived in the following part including practical examples.
45
Shan Liu, Rolly R. Tang, Jae Kyu Lee,. "Taxonomy of the GDPR-based Privacy Research by Scientometric Analysis." Journal of Electrical Systems 20, no. 2 (2024): 1647–59. http://dx.doi.org/10.52783/jes.1612.
Full textAbstract:
Will General Data Protection Regulation (GDPR) be adopted globally in business? The GDPR was approved in the European Union (EU) in April 2016 and officially put into effect in May 2018, thus the research in this field has an obvious upward trend. The development of GDPR is aimed at adapting to new trends, conducting scientific econometric analysis in the fields of privacy and GDPR, and analyzing and visualizing emerging trends. First, summarizing the privacy and GDPR studies publicly published between 1995 and 2023 through statistical analysis of terminology categories and high-yield journals. Then, understand the overall research status of privacy rights and GDPR from the perspectives of author, journal, literature co citation analysis, and collaborative networks. Finally, based on keyword analysis and literature co citation cluster analysis, a knowledge graph was constructed that includes knowledge domains, evolutionary trends, and future research directions. As a globally influential regulation, GDPR emphasizes the protection and lawful processing of personal data, which is of great significance for protecting personal data privacy and enhancing data security.
46
Georgiou, Dimitra, and Costas Lambrinoudakis. "Compatibility of a Security Policy for a Cloud-Based Healthcare System with the EU General Data Protection Regulation (GDPR)." Information 11, no. 12 (2020): 586. http://dx.doi.org/10.3390/info11120586.
Full textAbstract:
Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose; primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and secondly, to identify security measures and security policy rules, for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.
47
Yuan, Bocong, and Jiannan Li. "The Policy Effect of the General Data Protection Regulation (GDPR) on the Digital Public Health Sector in the European Union: An Empirical Investigation." International Journal of Environmental Research and Public Health 16, no. 6 (2019): 1070. http://dx.doi.org/10.3390/ijerph16061070.
Full textAbstract:
The rapid development of digital health poses a critical challenge to the personal health data protection of patients. The European Union General Data Protection Regulation (EU GDPR) works in this context; it was passed in April 2016 and came into force in May 2018 across the European Union. This study is the first attempt to test the effectiveness of this legal reform for personal health data protection. Using the difference-in-difference (DID) approach, this study empirically examines the policy influence of the GDPR on the financial performance of hospitals across the European Union. Results show that hospitals with the digital health service suffered from financial distress after the GDPR was published in 2016. This reveals that during the transition period (2016–2018), hospitals across the European Union indeed made costly adjustments to meet the requirements of personal health data protection introduced by this new regulation, and thus inevitably suffered a policy shock to their financial performance in the short term. The implementation of GDPR may have achieved preliminary success.
48
Huang, Lijian. "How the Data Rules of EU is Exported to the Outside of the Region: Take the EU ’s General Data Protection as an example." Journal of Education, Humanities and Social Sciences 24 (December 31, 2023): 399–404. http://dx.doi.org/10.54097/nxw6ds83.
Full textAbstract:
The General Data Protection of the European Union, the GDPR is the concentrative embodiment of the stringent regulation of data policy. In the field of cross-border data flows, the “White-List” evaluation mechanism of cross-border data flows is constructed by “adequacy decision”, “appropriate safeguards” and exceptional stipulates. Through the evaluation by the above mechanism, if the protection level of the overseas data recipients is substantially equal to the level of the EU, the EU will authorize the transfers of EU data to the region. This mechanism mentioned above, somehow makes the data rules of the EU and the preference on stringent regulation of data policy adopted by more and more Non-EU countries. The mode of data regulation supervise is considered as an ideal reference and it is gradually spread globally. However the evaluation mechanism of cross-border data flows, should be regarded as a new-type barrier on data flows. And it will block the development of free market for global trade in data services. Thus, to resolve the conflict on the regulations of data supervision and cross-border data interaction, the World Trade Organization should shoulder more responsibilities, promote a broader global negotiation.
49
Georgopoulou, Androniki A., Eftichia Tzika, and Spyros E. Polykalas. "Social Media Platforms and General Data Protection Regulation Violation for Minor Users." Proceedings of The Global Conference on Business, Management, and Marketing 1, no. 1 (2024): 1–12. http://dx.doi.org/10.33422/bmmconf.v1i1.258.
Full textAbstract:
This article investigates the use of social media by minors in Europe, examining relevant legislation and conducting practical research. The study delves into the General Data Protection Regulation (GDPR), analyzing its approach to minors' data protection and the history of its adoption. Despite GDPR's intent to set an age limit for minors' data processing consent, the lack of consensus among member states led to an inconclusive solution, allowing varying age thresholds. The study further presents practical research conducted in Greece, involving attempts to create profiles on six major social media platforms at ages 12, 14, and 16. Findings reveal a lack of compliance with GDPR and national laws, with platforms often allowing underage users to create profiles without parental consent. Conclusions emphasize that since teenagers are a major marketing target, social media will continue this practice and the need for EU institutions to establish a uniform pan-European age limit for minors' data processing consent, prompting a vital dialogue for legal improvement.
50
Doetsch, Julia Nadine, Vasco Dias, Marit S. Indredavik, et al. "Record linkage of population-based cohort data from minors with national register data: a scoping review and comparative legal analysis of four European countries." Open Research Europe 1 (May 27, 2021): 58. http://dx.doi.org/10.12688/openreseurope.13689.1.
Full textAbstract:
Background: The General Data Protection Regulation (GDPR) was implemented to build an overarching framework for personal data protection across the European Union/Economic Area (EU/EEA). Linkage of data directly collected from cohort participants based on individual consent must respect data protection rules and privacy rights of data subjects. Our objective was to investigate possibilities of linking cohort data of minors with routinely collected education and health data comparing EU/EEA member states. Methods: A legal comparative analysis and scoping review was conducted of openly online accessible published laws and regulations in EUR-Lex and national law databases on GDPR’s implementation in Portugal, Finland, Norway, and the Netherlands and its connected national regulations purposing record linkage for health research that have been implemented up until April 30, 2021. Results: EU/EEA has limited legislative authority over member states. The GDPR offers flexibility for national legislation. Exceptions to process personal data, e.g., public interest and scientific research, must be laid down in EU/EEA or national law. Differences in national interpretation caused obstacles in cross-national research and record linkage: Portugal requires written consent and ethical approval; Finland allows linkage mostly without consent through the national Data Protection Supervisory Authority; Norway when based on regional ethics committee’s approval and adequate information technology safeguarding confidentiality; the Netherlands mainly bases linkage on the opt-out system and Data Protection Impact Assessment. Conclusions: Though the GDPR is the most important legal framework, national legislation execution matters most when linking cohort data with routinely collected health and education data. As national interpretation varies, legal intervention balancing individual right to informational self-determination and public good is gravely needed for scientific research. More harmonization across EU/EEA could be helpful but should not be detrimental in those member states which already opened a leeway for registries and research for the public good without explicit consent.