{"title":"Editorial: Key Privacy Concepts in the EU and Canada","authors":"Ceyhun Necati Pehlivan","doi":"10.54648/gplr2023008","DOIUrl":"https://doi.org/10.54648/gplr2023008","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"57 6","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113957486","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The concept of personal data plays a foundational role in data protection law. The application of the General Data Protection Regulation (GDPR), as well as virtually all other national or transnational legislation that regulates the processing of personal data, depends on the identification of an actual personal data. Despite being a concept that is perfectly consolidated, especially within the European Union, its exact boundaries continue to raise some questions from an application point of view, particularly with regard to the element of identifiable.�In this article, we intend to examine the origins of the concept of personal data and analyse its various elements and boundaries under the GDPR�data protection, privacy, personal data, GDPR, identifiable information
{"title":"The Personal Data Under the GDPR: Concept, Elements, and Boundaries","authors":"A. B. Cordeiro","doi":"10.54648/gplr2023009","DOIUrl":"https://doi.org/10.54648/gplr2023009","url":null,"abstract":"The concept of personal data plays a foundational role in data protection law. The application of the General Data Protection Regulation (GDPR), as well as virtually all other national or transnational legislation that regulates the processing of personal data, depends on the identification of an actual personal data. Despite being a concept that is perfectly consolidated, especially within the European Union, its exact boundaries continue to raise some questions from an application point of view, particularly with regard to the element of identifiable.\u0000In this article, we intend to examine the origins of the concept of personal data and analyse its various elements and boundaries under the GDPR\u0000data protection, privacy, personal data, GDPR, identifiable information","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"86 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122106340","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Case Note: Strengthening the Role of Google? Recent Developments in the Right to Be Forgotten Case Law of the CJEU (TU and RE v. Google LLC, C-460/20)","authors":"B. Zelger","doi":"10.54648/gplr2023010","DOIUrl":"https://doi.org/10.54648/gplr2023010","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132954999","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In the light of recent legislative amendments to privacy laws and an increasing technological complexity in investigations by privacy commissioners, this article aims to dissect and define the concept of collection of personal information in Canada by examining investigations and case law. The proposed definition is that ‘collection’ means gaining control over someone else’s personal information, regardless of the collecting party’s intent. To do so, this article looks into each of the three components that are at the heart of the concept: acquisition, intent, and control. It is thus demonstrated that the concept of collection is flexible and suited to technological changes.�Canada, collection, personal information, PIPEDA
{"title":"Collection of Personal Information in Canadian Law","authors":"Xavier Dionne","doi":"10.54648/gplr2023007","DOIUrl":"https://doi.org/10.54648/gplr2023007","url":null,"abstract":"In the light of recent legislative amendments to privacy laws and an increasing technological complexity in investigations by privacy commissioners, this article aims to dissect and define the concept of collection of personal information in Canada by examining investigations and case law. The proposed definition is that ‘collection’ means gaining control over someone else’s personal information, regardless of the collecting party’s intent. To do so, this article looks into each of the three components that are at the heart of the concept: acquisition, intent, and control. It is thus demonstrated that the concept of collection is flexible and suited to technological changes.\u0000Canada, collection, personal information, PIPEDA","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126679639","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Emotional artificial intelligence (EAI) is increasingly being used in educational settings. This raises several contentious issues regarding children’s rights and freedoms. This article evaluates the impact of EAI on children’s rights, focusing on freedom of thought (FoT), non-discrimination, privacy, and data protection. These rights are evaluated in turn before focusing on the fairness principle in Article 5(1)(a) of the General Data Protection Regulation (GDPR), an ‘underutilized’ principle that lies at the heart of the United Kingdom (UK) Age-Appropriate Design Code’s standard: best interests of the child. We argue that the use of EAI in education contexts contradicts the fairness principle and that EAI represents a potentially serious threat to children’s rights to FoT, non-discrimination, privacy, and data protection and is an issue which requires urgent attention from policymakers and regulators in the UK.�Fairness, Emotional Artificial Intelligence, GDPR, Privacy, Freedom of Thought, Education
{"title":"The Fairness Principle: A Tool to Protect Childrens Rights in Their Interaction with Emotional AI in Educational Settings","authors":"A. Atabey, R. Scarff","doi":"10.54648/gplr2023002","DOIUrl":"https://doi.org/10.54648/gplr2023002","url":null,"abstract":"Emotional artificial intelligence (EAI) is increasingly being used in educational settings. This raises several contentious issues regarding children’s rights and freedoms. This article evaluates the impact of EAI on children’s rights, focusing on freedom of thought (FoT), non-discrimination, privacy, and data protection. These rights are evaluated in turn before focusing on the fairness principle in Article 5(1)(a) of the General Data Protection Regulation (GDPR), an ‘underutilized’ principle that lies at the heart of the United Kingdom (UK) Age-Appropriate Design Code’s standard: best interests of the child. We argue that the use of EAI in education contexts contradicts the fairness principle and that EAI represents a potentially serious threat to children’s rights to FoT, non-discrimination, privacy, and data protection and is an issue which requires urgent attention from policymakers and regulators in the UK.\u0000Fairness, Emotional Artificial Intelligence, GDPR, Privacy, Freedom of Thought, Education","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127079273","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Article 22 of the General Data Protection Regulation (GDPR) provides individuals with the right not to be subject to automated decisions. In this article, the author questions the extent to which the legal framework for automated decision-making in the GDPR is attuned to the employment context. More specifically, the author argues that an individual’s right may not be the most appropriate approach to contesting artificial intelligence (AI) based decisions in situations involving dependency contracts, such as employment relationships. Furthermore, Article 22 GDPR derogations rarely apply in the employment context, which puts organizations on the wrong track when deploying AI systems to make decisions about hiring, performance, and termination. In this scenario, emerging initiatives are calling for a shift from an individual rights perspective to a collective governance approach over data as a way to leverage collective bargaining power. Taking inspiration from these different initiatives, I propose ‘algorithmic co-governance’ to address the lack of accountability and transparency in AI-based employment decisions. Algorithmic co-governance implies giving third parties (ideally, the workforce’s legal representatives) the power to negotiate, correct, and overturn AI-based employment decision tools. In this context, Spain has implemented a law reform requiring that Workers’ Councils are informed about the ‘parameters, rules, and instructions’ on which algorithmic decision-making is based, becoming the first law in the European Union requiring employers to share information about AI-based decisions with Workers’ Councils. I use this reform to evaluate a potential algorithmic co-governance model in the workplace, highlighting some shortcomings that may deprive its quality and effectiveness.�Algorithms, Artificial Intelligence, AI Systems, Automated Decision-Making, Algorithmic Co-governance, Algorithmic Management, Data Protection, Privacy, GDPR, Employment Decisions, Right To Access Algorithms, Workers’ Council
{"title":"Opening the Black-Box in Private-Law Employment Relationships: A Critical Review of the Newly Implemented Spanish Workers’ Council’s Right to Access Algorithms","authors":"Sergi Gálvez Durán","doi":"10.54648/gplr2023003","DOIUrl":"https://doi.org/10.54648/gplr2023003","url":null,"abstract":"Article 22 of the General Data Protection Regulation (GDPR) provides individuals with the right not to be subject to automated decisions. In this article, the author questions the extent to which the legal framework for automated decision-making in the GDPR is attuned to the employment context. More specifically, the author argues that an individual’s right may not be the most appropriate approach to contesting artificial intelligence (AI) based decisions in situations involving dependency contracts, such as employment relationships. Furthermore, Article 22 GDPR derogations rarely apply in the employment context, which puts organizations on the wrong track when deploying AI systems to make decisions about hiring, performance, and termination. In this scenario, emerging initiatives are calling for a shift from an individual rights perspective to a collective governance approach over data as a way to leverage collective bargaining power. Taking inspiration from these different initiatives, I propose ‘algorithmic co-governance’ to address the lack of accountability and transparency in AI-based employment decisions. Algorithmic co-governance implies giving third parties (ideally, the workforce’s legal representatives) the power to negotiate, correct, and overturn AI-based employment decision tools. In this context, Spain has implemented a law reform requiring that Workers’ Councils are informed about the ‘parameters, rules, and instructions’ on which algorithmic decision-making is based, becoming the first law in the European Union requiring employers to share information about AI-based decisions with Workers’ Councils. I use this reform to evaluate a potential algorithmic co-governance model in the workplace, highlighting some shortcomings that may deprive its quality and effectiveness.\u0000Algorithms, Artificial Intelligence, AI Systems, Automated Decision-Making, Algorithmic Co-governance, Algorithmic Management, Data Protection, Privacy, GDPR, Employment Decisions, Right To Access Algorithms, Workers’ Council","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122153209","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The article focusses on (joint) trade secret ownership as a (neglected) aspect of European Union (EU) and United States (US) Trade Secret Law. The article shows that Information Privacy Law and Data Protection Law, respectively, and Trade Secret Law intersect. This intersection can be used to address not only the issue of unclear trade secret ownership in relation with personal data, but also the issue of power imbalance raised by considering two or more parties with entirely different bargaining positions as jointly responsible under Data Protection Law, in particular under the General Data Protection Regulation (GDPR). In this regard, US Information Privacy and Trade Secret Law as well as EU Data Protection and Trade Secret Law and the underlying ownership and liability concepts are analysed and compared to each other. The article shows that factors for (joint) control as developed by the Court of Justice of the European Union (CJEU) (Cases Wirtschaftsakademie, Jehovah’s Witnesses (JW), and Fashion ID) can be adapted by means of interpretation in essence under EU and US Trade Secret Law. Thus, joint controllers are often considered joint owners of the respective personal data as a trade secret. According to this approach, the parties are reciprocally entitled to prevent disclosures by each other beyond what is explicitly or implicitly agreed. Such right can act as a lever for weaker parties when bargaining with ‘stronger’ parties as necessary under Data Protection Law. At the same time, the essentially unified approach of determining trade secret ownership and data protection controllership provides for more clarity when it comes to the determination of trade secret ownership.�Joint Control, Trade Secrets, Ownership, Joint Ownership, UTSA, Fashion ID, Trade Secret Directive, GDPR, FTCA, US
{"title":"Are Joint Controllers Joint Trade Secret Owners? What EU Data Protection and US Information Privacy Law Tell Us About Trade Secret Law","authors":"Tristan Radtke","doi":"10.54648/gplr2023004","DOIUrl":"https://doi.org/10.54648/gplr2023004","url":null,"abstract":"The article focusses on (joint) trade secret ownership as a (neglected) aspect of European Union (EU) and United States (US) Trade Secret Law. The article shows that Information Privacy Law and Data Protection Law, respectively, and Trade Secret Law intersect. This intersection can be used to address not only the issue of unclear trade secret ownership in relation with personal data, but also the issue of power imbalance raised by considering two or more parties with entirely different bargaining positions as jointly responsible under Data Protection Law, in particular under the General Data Protection Regulation (GDPR). In this regard, US Information Privacy and Trade Secret Law as well as EU Data Protection and Trade Secret Law and the underlying ownership and liability concepts are analysed and compared to each other. The article shows that factors for (joint) control as developed by the Court of Justice of the European Union (CJEU) (Cases Wirtschaftsakademie, Jehovah’s Witnesses (JW), and Fashion ID) can be adapted by means of interpretation in essence under EU and US Trade Secret Law. Thus, joint controllers are often considered joint owners of the respective personal data as a trade secret. According to this approach, the parties are reciprocally entitled to prevent disclosures by each other beyond what is explicitly or implicitly agreed. Such right can act as a lever for weaker parties when bargaining with ‘stronger’ parties as necessary under Data Protection Law. At the same time, the essentially unified approach of determining trade secret ownership and data protection controllership provides for more clarity when it comes to the determination of trade secret ownership.\u0000Joint Control, Trade Secrets, Ownership, Joint Ownership, UTSA, Fashion ID, Trade Secret Directive, GDPR, FTCA, US","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"84 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116468243","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The EU’s Digital Services Act (DSA) marks the biggest shake up to the rules for online intermediary liability in twenty years. The DSA is accompanied by flanking instruments regulating terrorist content, child sexual abuse material (CSAM) and political ads which, together, will create an entirely new framework for the regulation of online harms in the EU. These new and wide-ranging obligations attempt to reconcile the damage caused by unregulated user-generated content, fundamental rights to freedom of information and the practical limitations of moderating content at scale. The DSA is likely to shape the global approach to content regulation in this emerging area of law.�Digital Services Act, DSA, Online Harm, Intermediary Liability, Intermediary Services, Hosting Services, Very Large Online Search Engines, Online Platforms, Very Large Online Platforms
{"title":"The Digital Services Act (DSA): A New Era for Online Harms and Intermediary Liability","authors":"Ceyhun Necati Pehlivan, Peter Church","doi":"10.54648/gplr2023005","DOIUrl":"https://doi.org/10.54648/gplr2023005","url":null,"abstract":"The EU’s Digital Services Act (DSA) marks the biggest shake up to the rules for online intermediary liability in twenty years. The DSA is accompanied by flanking instruments regulating terrorist content, child sexual abuse material (CSAM) and political ads which, together, will create an entirely new framework for the regulation of online harms in the EU. These new and wide-ranging obligations attempt to reconcile the damage caused by unregulated user-generated content, fundamental rights to freedom of information and the practical limitations of moderating content at scale. The DSA is likely to shape the global approach to content regulation in this emerging area of law.\u0000Digital Services Act, DSA, Online Harm, Intermediary Liability, Intermediary Services, Hosting Services, Very Large Online Search Engines, Online Platforms, Very Large Online Platforms","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115485179","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: