Privacy Rights and Legal Bases

2020

As of July 2020, the General Data Protection Regulation 2016/679 (GDPR) has been in force for more than two years. Together with the e-Privacy Directive 2002/58/EC, it applies to millions of European businesses across all sectors. Both pieces of legislation have been challenging to implement for industry stakeholders; A review of their reports serves as the basis of a qualitative legal analysis of the GDPR, the E-Privacy Directive and the draft of the coming E-Privacy Regulation that seeks to identify which provisions have turned out to be most difficult for European Businesses to implement. This legal dissection will be accompanied by a quantitative assessment of the administrative fines that have been issued by data protection authorities throughout the Union. The aim is to locate problems within the legislature and to provide recommendations for how to solve them.

International Journal of Advanced Research in Computer Science, ISSN No. 0976-5697, Volume 8, No. 7, July-August 2017, 2017

Recent reforms in data privacy protection framework in European Union have lead to enactment of General Data Protection Regulation (GDPR). However, it remains debatable if GDPR would lead to significant improvement in the protection of privacy rights of individuals, which is always considered the fundamental right. The advent of technology and movement of data across geographical barriers and outsourcing of data processing jobs to countries outside the EU necessitated enactments of GDPR. An analysis is done to demonstrate that though some of the provision of GDPR remain generically remain similar to the Data Protection Directive, GDPR has incorporated some new provisions by choosing the 'regulation' as an instrument of law for better harmonisation, expensing the 'right to be forgotten, legitimisation the role of consent, providing data protection by design and default, increasing accountability of data controllers and expanding the scope of provision of the directive to extra territorial jurisdiction would be remain to be seen whether GDPR is an old wine with the new label or something else in a wine bottle.

The rights to privacy and to personal data protection, enshrined respectively in Art. 7 and 8 of the Charter of Fundamental Rights of the European Union (EU) (hereafter, the ‘EU Charter’), have been particularly powerful in determining the evolution of EU law and policy over the last years. On their basis, the Court of Justice of the EU (CJEU) declared invalid the Data Retention Directive, advised against the conclusion of a negotiated agreement on the transfer of Passenger Name Record (PNR) data to Canada, and brought down the major legal instrument allowing for the transfer of personal data to the United States (US). The CJEU has also asserted, on the basis of Art. 7 and 8 EU Charter, the existence of rights in the hands of individuals in relation to data about them processed by search engines. Judgments such as Digital Rights, Schrems and Google Spain8, but also the Court’s Opinion 1/15 on the PNR agreement between the EU and Canada, have demonstrated the importance of these two fundamental rights for EU law, also against the background of a continuously developing data- driven information society built on the massive of use of personal data.

The Right to Privacy Revisited, 2021

The General Data Protection Regulation (GDPR) is a far-reaching legal instrument that regulates the collection and use of personal data by private actors, individuals and by governments. In this respect, the GDPR is indeed a key legal instrument for protecting informational privacy. This article will analyse and discuss the impact of the GDPR on the right to privacy particularly in the context of data protection. It also explores whether the GDPR in itself is adequate to ensure the right to privacy in the European Union (EU) and whether the protection provided by the GDPR can be supplemented by other means. The article finds that while the GDPR is a significant step in the right direction to protect informational privacy, it is certainly not the end of the journey. It argues that on its own, the GDPR cannot fully address the imbalance of power between data subjects and data controllers. Hence, it needs to be complemented by other regulatory tools such as the ePrivacy Regulation, EU competition law and Consumer Protection rules. Furthermore, some provisions in the GDPR must be revisited in the near future to ensure they do not become obsolete.

The Italian Law Journal, 2019

The European approach to online privacy and personal data concerns in the contemporary digital age appears to have embraced a 'user-centric' approach, inspired by values of 'personalism' and human dignity, regardless of the growing commercial value commonly given to personal data. These two sides of the same coin have been taken into account by the GDPR. On the one hand, it seems to outline a system of protection of data subjects that presents certain similarities and connections with consumer protection directives, especially as regards the transparency principle and the aim to provide individuals with 'effective' protection, enforceable rights and awareness-raising activities. On the other hand, a radical shift in the data protection policies of big online companies and many other service providers is required by the implementation of the set of mandatory principles and obligations stated by chapter IV of the GDPR, while the notice-and-consent paradigm is now quite remote. In particular, data minimisation, confidentiality, integrity, data protection by design and by default, as well as accountability and scalability principles require a model of approaching the new challenges brought about by data protection that should be 'contextual' and 'tailor-made'. This means that the appropriate measures to be adopted by controllers and processors must consider the specific circumstances of each individual case, in accordance with a proportionality and reasonableness test on the extent of risks to the rights and freedoms at stake. The new legal framework provided by the GDPR and Convention 108+ has weakened the role of national laws on personal data protection but has also posed the challenge of providing a uniform legal frame, at the European Union level, as well as of strengthening the harmonisation process among countries that are currently taking different approaches to data protection at a global level.

Masaryk University Journal of Law and Technology

The emergence of the right to personal data protection is usually considered in close proximity to the right to private life, however, the two rights despite the sufficient degree of similarity are not identical. The article analyses the main concepts and discussions around the protection of privacy and personal data protection, which primarily was only perceived as another facet of privacy, as well as provides a comprehensive overview of theoretical and practical problems associated with their protection. Provided for the right to data protection is not explicitly mentioned in the ECHR the main concern, therefore, is whether it receives an adequate level of protection within the Convention system. The article argues that given the lack of an explicit criterion for distinguishing the rights to privacy and data protection, it is the jurisprudence of the ECHR, which is of the utmost importance for the development of the right to personal data protection as a fundamental right. Due reg...

International Journal of Technology Policy and Law, 2019

The present paper offers a critique of the General Data Protection Regulation in the realm of access to information. Even though the GDPR supports the constitutionally obvious position that the right to data protection does not outweigh other equally important rights, the enhanced protection of the right to the protection of personal data leads to the potential neglect of other constitutional rights, such as that of access to information. Data protection and access to information authorities should be established both on an EU, as well as at national level as a single authority. Scientific research must be facilitated through access to a multitude of information. The present article explores the question of data ownership and aims to propose a new system that will enhance access to information. A key tool of our research will be the comparative overview of existing legislative systems and a review of the different approaches in the case-law of independent authorities.

1999

The paper has three parts. First, a survey and analysis is given of the structure of individual rights in the recent EU Directive on data protection. It is argued that at the core of this structure is an unexplicated notion of what the data subject can 'reasonably expect' concerning the further processing of information about him or herself. In the second part of the paper it is argued that theories of privacy popular among philosophers are not able to shed much light on the issues treated in the Directive, which are, arguably, among the central problems pertaining to the protection of individual rights in the information society. In the third part of the paper, some suggestions are made for a richer philosophical theory of data protection and privacy. It is argued that this account is better suited to the task of characterizing the central issues raised by the Directive.

The European Journal of Applied Economics

This paper discusses the challenges of implementing GDPR regulation in the EU and the Republic of Serbia. The regulations governing the issue of personal data protection are outlined. Emphasis is placed on reconciling this issue in the Republic of Serbia with EU legislation. The aim of this paper is to look at GDPR regulations from several standpoints of the business of taxpayers. It is necessary to include all segments of a business entity in the implementation of this regulation, as well as bodies at the national level. It is necessary to adopt by-laws in order to fully implement the Law on Personal Data Protection in the Republic of Serbia.