{"title":"Guest Editors’ Notes: Privacy and Data Protection in Latin America: The Future of Privacy","authors":"Diego Fernández","doi":"10.54648/gplr2021011","DOIUrl":"https://doi.org/10.54648/gplr2021011","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131018359","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Guest Editors’ Notes: Privacy Law in Chile: Recent Developments","authors":"R. Momberg","doi":"10.54648/gplr2021012","DOIUrl":"https://doi.org/10.54648/gplr2021012","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116106613","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Editorial: Data Protection in Latin America: An Overview","authors":"Ceyhun Necati Pehlivan","doi":"10.54648/gplr2021010","DOIUrl":"https://doi.org/10.54648/gplr2021010","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125280164","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Foreword: Convergence in Personal Data Protection: A Regulator’s View","authors":"Felipe Rotondo Tornaría","doi":"10.54648/gplr2021013","DOIUrl":"https://doi.org/10.54648/gplr2021013","url":null,"abstract":"","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129722656","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Since the processing of personal data has become global, and the presence of data processors has been increasing over time, it is of paramount importance to analyse how responsibilities are allocated among data controllers and data processors. Therefore, the aim of this article is to analyse how responsibilities and obligations of data controllers and data processors established in Uruguay – or abroad but subject to Uruguayan Data Protection Regulations due to their extraterritorial effect – are distributed and why this matter should be regulated in further detail.�Uruguay, Liability, Responsibility, Obligations, Data Controllers, Data Processors, Data Recipients, Principles, Territorial Scope
{"title":"Data Processors’ Liability from a Uruguayan Data Protection Perspective","authors":"Sofía Anza, Josemaría Motta","doi":"10.54648/gplr2021020","DOIUrl":"https://doi.org/10.54648/gplr2021020","url":null,"abstract":"Since the processing of personal data has become global, and the presence of data processors has been increasing over time, it is of paramount importance to analyse how responsibilities are allocated among data controllers and data processors. Therefore, the aim of this article is to analyse how responsibilities and obligations of data controllers and data processors established in Uruguay – or abroad but subject to Uruguayan Data Protection Regulations due to their extraterritorial effect – are distributed and why this matter should be regulated in further detail.\u0000Uruguay, Liability, Responsibility, Obligations, Data Controllers, Data Processors, Data Recipients, Principles, Territorial Scope","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"85 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124894298","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The global COVID-19 pandemic has tested the business and human capacity in Latin America to adapt to the digital world. While the world has experienced similar developments in privacy and data protection, the Latin American region is rarely analysed as a whole in terms of privacy and data protection. Besides GDPR, Latin America has older and even more robust data protection regimes than the US and is now quickly shifting to cybersecurity. In this article, we provide a quick overview of the data protection regimes in Latin America to summarize representative actions that countries in Latin America took for the protection of privacy and personal data during the pandemic period. We examine the factors and circumstances that have affected the region’s privacy through this period, including unsuitable data processing, the design of new tracking technologies, teleworking, the risks of relying on digital platforms, and alleged new cybersecurity regulation. With that in mind, we are making a value proposition towards identifying common factors for a reasonable security in order to help companies preparing to confront risks. This digital trend will undoubtedly resonate on the complexity of data transfers inbound and outbound the region, and the consequences of security breaches for those improperly processing data in the region.�Mexico, Latin America, COVID-19, Digital Transformation, Cybersecurity, Personal Data, Data Processing, Incident Response, Teleworking, Reasonable Security, Privacy
{"title":"Report: Privacy in Latin America During COVID-19 Times and Reasonable Digital Security","authors":"Guillermo E. Larrea, Juan Carlos Quinzaños","doi":"10.54648/gplr2021021","DOIUrl":"https://doi.org/10.54648/gplr2021021","url":null,"abstract":"The global COVID-19 pandemic has tested the business and human capacity in Latin America to adapt to the digital world. While the world has experienced similar developments in privacy and data protection, the Latin American region is rarely analysed as a whole in terms of privacy and data protection. Besides GDPR, Latin America has older and even more robust data protection regimes than the US and is now quickly shifting to cybersecurity. In this article, we provide a quick overview of the data protection regimes in Latin America to summarize representative actions that countries in Latin America took for the protection of privacy and personal data during the pandemic period. We examine the factors and circumstances that have affected the region’s privacy through this period, including unsuitable data processing, the design of new tracking technologies, teleworking, the risks of relying on digital platforms, and alleged new cybersecurity regulation. With that in mind, we are making a value proposition towards identifying common factors for a reasonable security in order to help companies preparing to confront risks. This digital trend will undoubtedly resonate on the complexity of data transfers inbound and outbound the region, and the consequences of security breaches for those improperly processing data in the region.\u0000Mexico, Latin America, COVID-19, Digital Transformation, Cybersecurity, Personal Data, Data Processing, Incident Response, Teleworking, Reasonable Security, Privacy","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"1 6","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131436247","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article proposes a systemic review of the protection of privacy in the Chilean Constitution, understood not only by the norms of Article 19 No. 4, the right to privacy and the right to the protection of personal data, but also through the normative content provided by No. 5, which comprises the rights to the inviolability of the home, private communications and documents, subject to constitutional protection. When we conceive the privacy protection standards set out in Chilean constitutional law as a system, we can appreciate that despite the obvious differences between the different rights that form this system, there are areas where they do intersect or overlap when applying them to specific facts. This wide scope of protection is essential to apply the right to privacy as a strong defence against the threats and risks posed by the use of digital technologies.�Chile, Privacy, Constitutional Law, Personal Data, Private Communications, Informational Self-Determination
{"title":"The Constitutional System for the Protection of Privacy in Chilean Law","authors":"Daniel Álvarez-Valenzuela","doi":"10.54648/gplr2021017","DOIUrl":"https://doi.org/10.54648/gplr2021017","url":null,"abstract":"This article proposes a systemic review of the protection of privacy in the Chilean Constitution, understood not only by the norms of Article 19 No. 4, the right to privacy and the right to the protection of personal data, but also through the normative content provided by No. 5, which comprises the rights to the inviolability of the home, private communications and documents, subject to constitutional protection. When we conceive the privacy protection standards set out in Chilean constitutional law as a system, we can appreciate that despite the obvious differences between the different rights that form this system, there are areas where they do intersect or overlap when applying them to specific facts. This wide scope of protection is essential to apply the right to privacy as a strong defence against the threats and risks posed by the use of digital technologies.\u0000Chile, Privacy, Constitutional Law, Personal Data, Private Communications, Informational Self-Determination","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131748112","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The California Consumer Privacy Act of 2018 (CCPA) became enforceable on 1 July 2020. However, the interpretation of ‘household’ within the definition of a consumer’s personal information remains unclear. Since even a person living alone in a housing unit is counted as a household, it is not indicated how an individual within a household differs from a consumer in the definition of personal information. In other words, people who constitute a household are in the same time consumers as defined in the CCPA (California residents), so ‘household’ in the CCPA duplicates the meaning of ‘consumer’ in the definition of personal information. The guidance of the CCPA issued by the Attorney General’s Office actually show that at the end of the day, the household needs to be tied to a consumer in order to validate the request, for example in the guidance § 999.318 it is explicitly said ‘all consumers of the household’. The scope of the definition of personal information and therefore the scope of the CCPA becomes uncertain without answering the question of how ‘household’ is to be understood in the CCPA. This article discusses the answer to this question.�CCPA, California Consumer Privacy Act, household, household definition, consumer, personal information, all consumers of the household
{"title":"The Interpretation of ‘Household’ in the Definition of Personal Information in the CCPA","authors":"Mariusz Krzysztofek","doi":"10.54648/gplr2021005","DOIUrl":"https://doi.org/10.54648/gplr2021005","url":null,"abstract":"The California Consumer Privacy Act of 2018 (CCPA) became enforceable on 1 July 2020. However, the interpretation of ‘household’ within the definition of a consumer’s personal information remains unclear. Since even a person living alone in a housing unit is counted as a household, it is not indicated how an individual within a household differs from a consumer in the definition of personal information. In other words, people who constitute a household are in the same time consumers as defined in the CCPA (California residents), so ‘household’ in the CCPA duplicates the meaning of ‘consumer’ in the definition of personal information. The guidance of the CCPA issued by the Attorney General’s Office actually show that at the end of the day, the household needs to be tied to a consumer in order to validate the request, for example in the guidance § 999.318 it is explicitly said ‘all consumers of the household’. The scope of the definition of personal information and therefore the scope of the CCPA becomes uncertain without answering the question of how ‘household’ is to be understood in the CCPA. This article discusses the answer to this question.\u0000CCPA, California Consumer Privacy Act, household, household definition, consumer, personal information, all consumers of the household","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129262651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yves Bauer, Nathalie Tissot, Bertil Cottier, H. Mercier
This article highlights the tension that lies between the General Data Protection Regulations (GDPR’s) security and minimization principles. The implementation of state-of-the-art technologies, such as entanglement or blockchains, offers promising opportunities for data controllers to guarantee the security of the data they process, particularly in relation to availability and accuracy. On the other hand, such technologies may enter into conflict with other obligations, especially regarding the erasure of data (at the end of data life or requested by the data subject). We argue that the interpretation of the notion of erasure shall not be limited to the physical destruction of the data, but shall also extend, when technical measures implemented for the purpose of guaranteeing security do not allow for the physical destruction of the data, to ‘relative erasures’, or processing activities that have for effect to put the data beyond use in a way that makes it impossible, for the controller or third parties, to process it again without disproportionate efforts. Such interpretation would allow data controllers who implement strong security measures to comply with the GDPR. Combined with a careful design of privacy, it may further guarantee the data subject’s rights without requiring detrimental security concessions.�GDPR, erasure, minimization principle, right to erasure, data life cycle, anti-tampering technologies, blockchain technologies, data availability, data integrity, data deletion, data erasure
{"title":"Is a Relative Definition of the Notion of Erasure the Much Sought-After Solution to the Dilemma Between Robust Integrity and Total Eradication?","authors":"Yves Bauer, Nathalie Tissot, Bertil Cottier, H. Mercier","doi":"10.54648/gplr2021004","DOIUrl":"https://doi.org/10.54648/gplr2021004","url":null,"abstract":"This article highlights the tension that lies between the General Data Protection Regulations (GDPR’s) security and minimization principles. The implementation of state-of-the-art technologies, such as entanglement or blockchains, offers promising opportunities for data controllers to guarantee the security of the data they process, particularly in relation to availability and accuracy. On the other hand, such technologies may enter into conflict with other obligations, especially regarding the erasure of data (at the end of data life or requested by the data subject). We argue that the interpretation of the notion of erasure shall not be limited to the physical destruction of the data, but shall also extend, when technical measures implemented for the purpose of guaranteeing security do not allow for the physical destruction of the data, to ‘relative erasures’, or processing activities that have for effect to put the data beyond use in a way that makes it impossible, for the controller or third parties, to process it again without disproportionate efforts. Such interpretation would allow data controllers who implement strong security measures to comply with the GDPR. Combined with a careful design of privacy, it may further guarantee the data subject’s rights without requiring detrimental security concessions.\u0000GDPR, erasure, minimization principle, right to erasure, data life cycle, anti-tampering technologies, blockchain technologies, data availability, data integrity, data deletion, data erasure","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130300478","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: