{"title":"Your Privacy Is Important to U$!: Restoring Human Dignity in Data Driven Marketing, Jan Trzaskowski. København: Ex Tuto Publishing. 2021","authors":"T. Henne","doi":"10.54648/gplr2022022","DOIUrl":"https://doi.org/10.54648/gplr2022022","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133727331","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The regulatory regime provided by the Privacy Act 1988 (Cth) has long been criticized for its limited effectiveness in providing both remedies for individuals and guidance and deterrence for entities obliged to comply with the statute. Key concerns include the restricted rights of redress for individuals, and the inadequate powers and funding of the federal privacy regulator, the Australian Information Commissioner. In the last three years, the Australian Competition & Consumer Commission (ACCC) has begun to take on an important role in advocating for reform of Australia’s privacy law, assessing the potential anticompetitive effects of the data practices of digital platforms, and actively litigating privacyrelated misleading conduct matters under the Australian Consumer Law (ACL). This article describes the contrast in the roles, powers and funding of these two regulators and makes proposals for reform which would assist in providing Australians with appropriate access to justice in directly redressing privacy wrongs beyond organizations’ misleading representations about data practices.�Australia, Data Privacy, Privacy Regulators, Enforcement, Redress
《1988年隐私法》(Cth)规定的监管制度长期以来一直受到批评,因为它在为个人提供补救措施和为有义务遵守该法规的实体提供指导和威慑方面效力有限。主要问题包括个人的补救权利受到限制,以及联邦隐私监管机构澳大利亚信息专员(Australian Information Commissioner)的权力和资金不足。在过去的三年中,澳大利亚竞争与消费者委员会(ACCC)开始在倡导澳大利亚隐私法的改革,评估数字平台数据实践的潜在反竞争影响,以及根据澳大利亚消费者法(ACL)积极提起与隐私相关的误导行为诉讼方面发挥重要作用。本文描述了这两个监管机构在角色、权力和资金方面的对比,并提出了改革建议,这将有助于为澳大利亚人提供适当的司法途径,直接纠正组织对数据实践的误导性陈述之外的隐私错误。澳大利亚,数据隐私,隐私监管机构,执法,补救
{"title":"Strengthening Enforcement and Redress Under the Australian Privacy Act","authors":"Katharine Kemp","doi":"10.54648/gplr2022016","DOIUrl":"https://doi.org/10.54648/gplr2022016","url":null,"abstract":"The regulatory regime provided by the Privacy Act 1988 (Cth) has long been criticized for its limited effectiveness in providing both remedies for individuals and guidance and deterrence for entities obliged to comply with the statute. Key concerns include the restricted rights of redress for individuals, and the inadequate powers and funding of the federal privacy regulator, the Australian Information Commissioner. In the last three years, the Australian Competition & Consumer Commission (ACCC) has begun to take on an important role in advocating for reform of Australia’s privacy law, assessing the potential anticompetitive effects of the data practices of digital platforms, and actively litigating privacyrelated misleading conduct matters under the Australian Consumer Law (ACL). This article describes the contrast in the roles, powers and funding of these two regulators and makes proposals for reform which would assist in providing Australians with appropriate access to justice in directly redressing privacy wrongs beyond organizations’ misleading representations about data practices.\u0000Australia, Data Privacy, Privacy Regulators, Enforcement, Redress","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"85 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133088774","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article examines the issues associated with online consent to ‘take it or leave it’ contracts, also known as standard from agreements. It does this by describing the concepts of standard form agreement and their deviations from bilateral contracts. It also sets out the meaning of informed consent. With these concepts established, the article analyses informed consent in online standard form agreements and provides an analysis of the factors impacting informed consent. The article also draws a distinction between unfairness and unconscionability.�The article demonstrates that courts and regulators look the other way when it comes to recognizing substantive unfairness and unconscionability in online standard form agreements. It discusses the legal, economic, behavioural and social dynamics of informed consent in the context of the Australian marketplace. The article demonstrates that, in Australia, the focus on procedural unfairness and procedural unconscionability as threshold requirements have prevented the notion of informed consent from voiding particular terms. That is, as long as there was notice and an opportunity to read, in Australia the actual content of the terms seems to have limited importance.�Australia, Standard Form Agreements, Unconscionability, Unfairness, Informed Consent
{"title":"Informed Consent to Online Standard Form Agreements","authors":"Rob Nicholls","doi":"10.54648/gplr2022017","DOIUrl":"https://doi.org/10.54648/gplr2022017","url":null,"abstract":"This article examines the issues associated with online consent to ‘take it or leave it’ contracts, also known as standard from agreements. It does this by describing the concepts of standard form agreement and their deviations from bilateral contracts. It also sets out the meaning of informed consent. With these concepts established, the article analyses informed consent in online standard form agreements and provides an analysis of the factors impacting informed consent. The article also draws a distinction between unfairness and unconscionability.\u0000The article demonstrates that courts and regulators look the other way when it comes to recognizing substantive unfairness and unconscionability in online standard form agreements. It discusses the legal, economic, behavioural and social dynamics of informed consent in the context of the Australian marketplace. The article demonstrates that, in Australia, the focus on procedural unfairness and procedural unconscionability as threshold requirements have prevented the notion of informed consent from voiding particular terms. That is, as long as there was notice and an opportunity to read, in Australia the actual content of the terms seems to have limited importance.\u0000Australia, Standard Form Agreements, Unconscionability, Unfairness, Informed Consent","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"640 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116086079","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article analyses the Australian privacy framework in the context of both the Australian Competition and Consumer Commission’s Digital Platforms Inquiry (DPI) and the Consumer Data Right (CDR). This analysis extends to informed consent and attitudes to unfairness and unconscionability. The article offers potential solutions to the current patchwork approach which go further than the Government response to the DPI. It argues that the Australian Government’s response is not an adequate response nor a set of suitable solutions to the problem.�The article proposes a two-pronged approach that recognizes the urgency of the issue through the suggestion of a series of ‘quick policy wins’ that will result in more meaningful and effective protection for consumers and further systemic, long-term recommendations for change that can be achieved through policy development, further consultation and integration with other existing legislation. The quick policy wins centre on three specific changes, including definitional updates, content and structure of online standard form agreements and enforcement, penalties and sanctions, and long-term solutions. The long-term solutions are proposed to include regulation of website design, better integration of the laws, regulators and enforcement bodies, a faster, more consistent pace of policy review and recognition of the societal and human benefit of informed consent to online standard form agreements.�Australia, Digital Platforms, Consumer Data Right, Informed Consent, Reform
{"title":"Reform in Australia: A Focus on Informed Consent","authors":"Rob Nicholls","doi":"10.54648/gplr2022018","DOIUrl":"https://doi.org/10.54648/gplr2022018","url":null,"abstract":"This article analyses the Australian privacy framework in the context of both the Australian Competition and Consumer Commission’s Digital Platforms Inquiry (DPI) and the Consumer Data Right (CDR). This analysis extends to informed consent and attitudes to unfairness and unconscionability. The article offers potential solutions to the current patchwork approach which go further than the Government response to the DPI. It argues that the Australian Government’s response is not an adequate response nor a set of suitable solutions to the problem.\u0000The article proposes a two-pronged approach that recognizes the urgency of the issue through the suggestion of a series of ‘quick policy wins’ that will result in more meaningful and effective protection for consumers and further systemic, long-term recommendations for change that can be achieved through policy development, further consultation and integration with other existing legislation. The quick policy wins centre on three specific changes, including definitional updates, content and structure of online standard form agreements and enforcement, penalties and sanctions, and long-term solutions. The long-term solutions are proposed to include regulation of website design, better integration of the laws, regulators and enforcement bodies, a faster, more consistent pace of policy review and recognition of the societal and human benefit of informed consent to online standard form agreements.\u0000Australia, Digital Platforms, Consumer Data Right, Informed Consent, Reform","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131796115","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Patricia Boshe, Moritz Hennemann, Ricarda von Meding
Data protection law is experiencing a global rise. Whilst setting the boundaries for public and private data processors, it has become a vital factor for individual protection and innovation alike. The quest for adequate data protection regimes is on-going, not only, but also on the African continent. Since 2001, the majority of African states have drafted and enacted data protection laws. Hard law and soft law instruments have been developed by the African Union and the African Regional Economic Communities. Regularly, EU-style legislation has been used as a source of inspiration – a process actively pushed for by the EU. Against this background, this study evaluates the current state of data protection law and data protection policy in Africa, questions the process of legal transplantation, and favours the consideration of a unique African approach to data protection. Thereby, this study is also a story about alternative routes to the General Data Protection Regulation (GDPR) which are – for many reasons – not easy to take.�Africa, African Union, African Regional Economic Communities, Data Protection, Privacy, GDPR
{"title":"African Data Protection Laws: Current Regulatory Approaches, Policy Initiatives, and the Way Forward","authors":"Patricia Boshe, Moritz Hennemann, Ricarda von Meding","doi":"10.54648/gplr2022008","DOIUrl":"https://doi.org/10.54648/gplr2022008","url":null,"abstract":"Data protection law is experiencing a global rise. Whilst setting the boundaries for public and private data processors, it has become a vital factor for individual protection and innovation alike. The quest for adequate data protection regimes is on-going, not only, but also on the African continent. Since 2001, the majority of African states have drafted and enacted data protection laws. Hard law and soft law instruments have been developed by the African Union and the African Regional Economic Communities. Regularly, EU-style legislation has been used as a source of inspiration – a process actively pushed for by the EU. Against this background, this study evaluates the current state of data protection law and data protection policy in Africa, questions the process of legal transplantation, and favours the consideration of a unique African approach to data protection. Thereby, this study is also a story about alternative routes to the General Data Protection Regulation (GDPR) which are – for many reasons – not easy to take.\u0000Africa, African Union, African Regional Economic Communities, Data Protection, Privacy, GDPR","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"159 8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124392006","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In Nigeria, the right to privacy is protected under Section 37 of the 1999 Constitution of the Federal Republic of Nigeria by providing that: ‘[t]he privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected. A host of other general and sector-specific legislation serves to safeguard (informational) privacy. A number of these legislations, including especially the 2019 Nigeria Data Protection Regulation (NDPR)—currently the most comprehensive of all existing informational privacy/data protection laws – is made and enforced by the country’s foremost information technology agency, i.e., the National Information Technology Development Agency (NITDA).�However, there have arisen controversies regarding the powers of the NITDA to make or enforce data protection laws in Nigeria. To frame the question more clearly, it has been asked whether the NITDA has the power to enforce data protection requirements and penalties stipulated in the 2007 NITDA Act and the NDPR.�This article (1) examines the role of the NITDA in data protection; (2) considers the validity of the NITDA Act, the NDPR (and other subsidiary legislation); and (3) contemplates the power of the NITDA to issue sanctions in case of non-compliance by affected entities. This article questions certain fundamental assumptions around the formulation, interpretation, and application of Nigeria’s data protection laws. Our contribution effectively lays to rest controversies surrounding NITDA’s powers of enforcement – a conclusion, which, in our opinion, remains valid until a contradictory legal judicial position, is declared.�Nigeria, Nigeria Data Protection Regulation, NDPR, National Information Technology Development Agency, NITDA, Data Protection, Privacy
{"title":"Examining the Powers of the NITDA to Enforce Data Protection Laws in Nigeria","authors":"M. A. Lateef, Lawrence O. Taiwo, Ademola Adeyoju","doi":"10.54648/gplr2022009","DOIUrl":"https://doi.org/10.54648/gplr2022009","url":null,"abstract":"In Nigeria, the right to privacy is protected under Section 37 of the 1999 Constitution of the Federal Republic of Nigeria by providing that: ‘[t]he privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected. A host of other general and sector-specific legislation serves to safeguard (informational) privacy. A number of these legislations, including especially the 2019 Nigeria Data Protection Regulation (NDPR)—currently the most comprehensive of all existing informational privacy/data protection laws – is made and enforced by the country’s foremost information technology agency, i.e., the National Information Technology Development Agency (NITDA).\u0000However, there have arisen controversies regarding the powers of the NITDA to make or enforce data protection laws in Nigeria. To frame the question more clearly, it has been asked whether the NITDA has the power to enforce data protection requirements and penalties stipulated in the 2007 NITDA Act and the NDPR.\u0000This article (1) examines the role of the NITDA in data protection; (2) considers the validity of the NITDA Act, the NDPR (and other subsidiary legislation); and (3) contemplates the power of the NITDA to issue sanctions in case of non-compliance by affected entities. This article questions certain fundamental assumptions around the formulation, interpretation, and application of Nigeria’s data protection laws. Our contribution effectively lays to rest controversies surrounding NITDA’s powers of enforcement – a conclusion, which, in our opinion, remains valid until a contradictory legal judicial position, is declared.\u0000Nigeria, Nigeria Data Protection Regulation, NDPR, National Information Technology Development Agency, NITDA, Data Protection, Privacy","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129916863","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Controlling the Harmful Effects of Social Media","authors":"Jason Flint","doi":"10.54648/gplr2022011","DOIUrl":"https://doi.org/10.54648/gplr2022011","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"101 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114821750","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Guest Editor’s Note: Regulatory Strategies for the Data Economy","authors":"Boris P. Paal","doi":"10.54648/gplr2022006","DOIUrl":"https://doi.org/10.54648/gplr2022006","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126379376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Data Protection in Africa: Slowly But Surely","authors":"Ceyhun Necati Pehlivan","doi":"10.54648/gplr2022005","DOIUrl":"https://doi.org/10.54648/gplr2022005","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134090564","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The European Union (EU) Data Protection Directive (DPD) was repealed for its failure to achieve the anticipated level of regulatory compliance thereby paving the way for General Data Protection Regulation (GDPR) which came with a number of novelties including the introduction of monitoring bodies (MBs) as another layer of compliance enforcement with provisions of the GDPR through sector-specific codes of conduct (CoC). While the DPD also had a provision on CoC, it was bereft of its enforcement mechanism, success indicators and workability, hence the introduction of MBs as an additional player in the GDPR-enforcement ecosystem to ensure compliance with the CoC on the one hand and sanction violations on the other. Conversely, on the other side of the Mediterranean Sea, Nigeria issued its own version of the GDPR as ‘Nigeria Data Protection Regulation’ (NDPR) and introduced its own peculiar MB styled ‘Data Protection Compliance Organization’ (DPCO) to, interestingly, on behalf of the National Information Technology Development Agency (NITDA) ensure and monitor compliance with the NDPR and at the same time forge a fiduciary relationship with the controllers as their paid auditors. This article places the European concept of MBs and Nigerian novelty of DPCOs side by side while examining the relationship between the two similar yet asymmetric concepts. The article analyses the varying issues surrounding the nature, appointment or creation, powers, and functionalities of MBs and DPCOs under the European and Nigerian regulations.�Nigeria, Nigeria Data Protection Regulation, NDPR, National Information Technology Development Agency, NITDA, Data Protection Compliance Organization, DPCO
{"title":"Data Protection Compliance Organizations (DPCO) Under the NDPR, and Monitoring Bodies Under the GDPR: Two Sides of the Same Compliance Coin?","authors":"Olumide Babalola","doi":"10.54648/gplr2022010","DOIUrl":"https://doi.org/10.54648/gplr2022010","url":null,"abstract":"The European Union (EU) Data Protection Directive (DPD) was repealed for its failure to achieve the anticipated level of regulatory compliance thereby paving the way for General Data Protection Regulation (GDPR) which came with a number of novelties including the introduction of monitoring bodies (MBs) as another layer of compliance enforcement with provisions of the GDPR through sector-specific codes of conduct (CoC). While the DPD also had a provision on CoC, it was bereft of its enforcement mechanism, success indicators and workability, hence the introduction of MBs as an additional player in the GDPR-enforcement ecosystem to ensure compliance with the CoC on the one hand and sanction violations on the other. Conversely, on the other side of the Mediterranean Sea, Nigeria issued its own version of the GDPR as ‘Nigeria Data Protection Regulation’ (NDPR) and introduced its own peculiar MB styled ‘Data Protection Compliance Organization’ (DPCO) to, interestingly, on behalf of the National Information Technology Development Agency (NITDA) ensure and monitor compliance with the NDPR and at the same time forge a fiduciary relationship with the controllers as their paid auditors. This article places the European concept of MBs and Nigerian novelty of DPCOs side by side while examining the relationship between the two similar yet asymmetric concepts. The article analyses the varying issues surrounding the nature, appointment or creation, powers, and functionalities of MBs and DPCOs under the European and Nigerian regulations.\u0000Nigeria, Nigeria Data Protection Regulation, NDPR, National Information Technology Development Agency, NITDA, Data Protection Compliance Organization, DPCO","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125127929","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: