{"title":"Transferring personal data to international organizations under the GDPR: an analysis of the transfer mechanisms","authors":"Massimo Marelli","doi":"10.1093/idpl/ipad022","DOIUrl":"https://doi.org/10.1093/idpl/ipad022","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"27 19","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-11-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135086766","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract • Cloud computing is a well-established and flourishing phenomenon, whose key activity on personal data is the storage thereof. This study analyses the allocation of the controller–processor roles under the General Data Protection Regulation (GDPR) to the cloud computing actors in the context of the storage of personal data. It examines the current controller–processor model and suggests a joint controllership interpretation to the EU regulators, as a more appropriate allocation of roles in the context of cloud computing. • We argue that the prevailing controller–processor interpretation stems from the current primacy of the purpose criterion, as well as the recognition of consent as a criterion to allocate controllership. This article suggests that cloud providers control some of the essential means of the storage of personal data, thereby shifting part of the control from cloud customers to cloud providers. • If the joint controllership approach was to be followed by the EU regulators, this article argues that it would better reflect the economic and technical reality, and provide a more appropriate responsibility and liability framework for cloud providers and customers, which in turn would enhance the level of protection that data subjects should benefit from under the GDPR.
{"title":"Re-thinking the allocation of roles under the GDPR in the context of cloud computing","authors":"Cyril Fischer","doi":"10.1093/idpl/ipad023","DOIUrl":"https://doi.org/10.1093/idpl/ipad023","url":null,"abstract":"Abstract • Cloud computing is a well-established and flourishing phenomenon, whose key activity on personal data is the storage thereof. This study analyses the allocation of the controller–processor roles under the General Data Protection Regulation (GDPR) to the cloud computing actors in the context of the storage of personal data. It examines the current controller–processor model and suggests a joint controllership interpretation to the EU regulators, as a more appropriate allocation of roles in the context of cloud computing. • We argue that the prevailing controller–processor interpretation stems from the current primacy of the purpose criterion, as well as the recognition of consent as a criterion to allocate controllership. This article suggests that cloud providers control some of the essential means of the storage of personal data, thereby shifting part of the control from cloud customers to cloud providers. • If the joint controllership approach was to be followed by the EU regulators, this article argues that it would better reflect the economic and technical reality, and provide a more appropriate responsibility and liability framework for cloud providers and customers, which in turn would enhance the level of protection that data subjects should benefit from under the GDPR.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"29 11","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135430044","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The interplay between machine learning and data minimization under the GDPR: the case of Google’s topics API","authors":"Cornelius Witt, Jan De Bruyne","doi":"10.1093/idpl/ipad020","DOIUrl":"https://doi.org/10.1093/idpl/ipad020","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"62 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136318184","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Code as personal data: implications for data protection law and regulation of algorithms","authors":"Nadezhda Purtova, Ronald Leenes","doi":"10.1093/idpl/ipad019","DOIUrl":"https://doi.org/10.1093/idpl/ipad019","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136013047","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Simple and advanced reflexivity in GDPR enforcement: empirical evidence from DPA activity","authors":"Maciej Pichlak, Klaudia Gaczoł","doi":"10.1093/idpl/ipad018","DOIUrl":"https://doi.org/10.1093/idpl/ipad018","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136376026","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Theory and practice: the protection of children’s personal information in China","authors":"Lu Zhang, Konrad Kollnig","doi":"10.1093/idpl/ipad017","DOIUrl":"https://doi.org/10.1093/idpl/ipad017","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134997460","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Adnan Trakic, Ridoan Karim, Hanifah Haydar Ali Tajuddin
{"title":"It is time to recognize the tort of invasion of privacy in Malaysia","authors":"Adnan Trakic, Ridoan Karim, Hanifah Haydar Ali Tajuddin","doi":"10.1093/idpl/ipad016","DOIUrl":"https://doi.org/10.1093/idpl/ipad016","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"87 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135236203","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The one-stop-shop and the European Data Protection Board’s role in combatting data supervision forum shopping","authors":"Diogo Matos Brandão","doi":"10.1093/idpl/ipad014","DOIUrl":"https://doi.org/10.1093/idpl/ipad014","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"95 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76597288","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
� This article examines the constitutionality of the Cyber Security Directions released by Computer Emergency Response Team India (CERT-In). The new guidelines issued by CERT-In, the nodal agency of the Ministry of Electronics and Information Technology, have been in the news in India due to concerns being raised by various companies and privacy watchdogs like the Internet Freedom Foundation that the guidelines were affecting the fundamental right to privacy and personal autonomy of the individuals. The guidelines promulgated give CERT-In the authority to demand and retain various kinds of personally identifiable information for more than 5 years. The mandates related to virtual private network service providers are unreasonable and violative of user privacy, while the domain of information that is to be collected is ambiguous and unspecified for the purpose, thus increasing the chances of surveillance and potential censorship. The authors also give suggestions on how to overcome anomalies which are present in the guidelines issued by CERT-In.
本文探讨了印度计算机应急响应小组(CERT-In)发布的《网络安全指示》的合宪性。印度电子和信息技术部(Ministry of Electronics and Information Technology)的节点机构CERT-In发布的新指导方针上了新闻,原因是许多公司和互联网自由基金会(Internet Freedom Foundation)等隐私监管机构担心,这些指导方针影响了个人的基本隐私权和个人自主权。颁布的指导方针赋予CERT-In在5年以上的时间内要求和保留各种个人身份信息的权力。与虚拟专用网络服务提供商相关的授权是不合理的,侵犯了用户隐私,而要收集的信息领域是模糊的,并且没有明确的目的,从而增加了监视和潜在审查的机会。作者还就如何克服CERT-In发布的指南中存在的异常给出了建议。
{"title":"The constitutionality of the new Indian CERT-In VPN rules","authors":"Siddharth Chaturvedi, H. Srivastava","doi":"10.1093/idpl/ipad015","DOIUrl":"https://doi.org/10.1093/idpl/ipad015","url":null,"abstract":"\u0000 This article examines the constitutionality of the Cyber Security Directions released by Computer Emergency Response Team India (CERT-In). The new guidelines issued by CERT-In, the nodal agency of the Ministry of Electronics and Information Technology, have been in the news in India due to concerns being raised by various companies and privacy watchdogs like the Internet Freedom Foundation that the guidelines were affecting the fundamental right to privacy and personal autonomy of the individuals. The guidelines promulgated give CERT-In the authority to demand and retain various kinds of personally identifiable information for more than 5 years. The mandates related to virtual private network service providers are unreasonable and violative of user privacy, while the domain of information that is to be collected is ambiguous and unspecified for the purpose, thus increasing the chances of surveillance and potential censorship. The authors also give suggestions on how to overcome anomalies which are present in the guidelines issued by CERT-In.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"61 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91106278","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Bjørn Aslak Juliussen, Elisavet Kozyri, D. Johansen, J. P. Rui
{"title":"The third country problem under the GDPR: enhancing protection of data transfers with technology","authors":"Bjørn Aslak Juliussen, Elisavet Kozyri, D. Johansen, J. P. Rui","doi":"10.1093/idpl/ipad013","DOIUrl":"https://doi.org/10.1093/idpl/ipad013","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"1 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89659677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: