This article examines the constitutionality of the Cyber Security Directions released by Computer Emergency Response Team India (CERT-In). The new guidelines issued by CERT-In, the nodal agency of the Ministry of Electronics and Information Technology, have been in the news in India due to concerns being raised by various companies and privacy watchdogs like the Internet Freedom Foundation that the guidelines were affecting the fundamental right to privacy and personal autonomy of the individuals. The guidelines promulgated give CERT-In the authority to demand and retain various kinds of personally identifiable information for more than 5 years. The mandates related to virtual private network service providers are unreasonable and violative of user privacy, while the domain of information that is to be collected is ambiguous and unspecified for the purpose, thus increasing the chances of surveillance and potential censorship. The authors also give suggestions on how to overcome anomalies which are present in the guidelines issued by CERT-In.
{"title":"The constitutionality of the new Indian CERT-In VPN rules","authors":"Siddharth Chaturvedi, H. Srivastava","doi":"10.1093/idpl/ipad015","DOIUrl":"https://doi.org/10.1093/idpl/ipad015","url":null,"abstract":"This article examines the constitutionality of the Cyber Security Directions released by Computer Emergency Response Team India (CERT-In). The new guidelines issued by CERT-In, the nodal agency of the Ministry of Electronics and Information Technology, have been in the news in India due to concerns being raised by various companies and privacy watchdogs like the Internet Freedom Foundation that the guidelines were affecting the fundamental right to privacy and personal autonomy of the individuals. The guidelines promulgated give CERT-In the authority to demand and retain various kinds of personally identifiable information for more than 5 years. The mandates related to virtual private network service providers are unreasonable and violative of user privacy, while the domain of information that is to be collected is ambiguous and unspecified for the purpose, thus increasing the chances of surveillance and potential censorship. The authors also give suggestions on how to overcome anomalies which are present in the guidelines issued by CERT-In.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"61 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91106278","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Bjørn Aslak Juliussen, Elisavet Kozyri, D. Johansen, J. P. Rui
{"title":"The third country problem under the GDPR: enhancing protection of data transfers with technology","authors":"Bjørn Aslak Juliussen, Elisavet Kozyri, D. Johansen, J. P. Rui","doi":"10.1093/idpl/ipad013","DOIUrl":"https://doi.org/10.1093/idpl/ipad013","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"1 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-07-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89659677","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The relationship between the principle of effectiveness under Art. 47 CFR and the concept of damages under Art. 82 GDPR","authors":"S. Mulders","doi":"10.1093/idpl/ipad012","DOIUrl":"https://doi.org/10.1093/idpl/ipad012","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"20 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80693290","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Personal data and personal safety: re-examining the limits of public data in the context of doxing","authors":"Batuhan Kukul","doi":"10.1093/idpl/ipad011","DOIUrl":"https://doi.org/10.1093/idpl/ipad011","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"2 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88883131","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Safeguarding privacy and efficacy in e-mental health: policy options in the EU and Australia","authors":"Elisabeth Steindl","doi":"10.1093/idpl/ipad009","DOIUrl":"https://doi.org/10.1093/idpl/ipad009","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"33 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87664148","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Has the GDPR killed e-government? The “once-only” principle vs the principle of purpose limitation","authors":"Monika Mikiver, Paloma Krõõt Tupay","doi":"10.1093/idpl/ipad010","DOIUrl":"https://doi.org/10.1093/idpl/ipad010","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"90 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75819987","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A deep dive into dynamic data flows, wearable devices, and the concept of health data","authors":"Anni-Maria Taka","doi":"10.1093/idpl/ipad007","DOIUrl":"https://doi.org/10.1093/idpl/ipad007","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"132 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-05-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89331204","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In the context of biomedical research, consent is both a ground for the lawful processing of personal data and a bioethical requirement for participation in scientific research projects. While the conditions for obtaining valid consent are extensively discussed in legal and bioethical literature, withdrawal of consent has received considerably less attention. According to the EU General Data Protection Regulation (GDPR), data subjects have the right to withdraw their consent at any time, but the duties of the entities processing personal data are not clearly defined in the text of the Regulation. Pursuant to Article 7 GDPR, withdrawal ‘shall not affect the lawfulness of processing based on consent before its withdrawal’, but there is no clear specification of the rules governing what happens after this moment. The assumption underlying this article is that a participant expresses a valid consent for the collection and processing of personal data and, at a certain point during the research life-cycle, decides to withdraw her/his consent. This decision would, prima facie, result in an obligation of the data controller to cease processing the data. However, when more closely examined, there are practical, legal, and ethical reasons for why this might not always be the optimal solution. Stopping the processing after receiving a withdrawal request is not an absolute mandate. Pursuant to the GDPR, consent is one
{"title":"Withdrawal of consent for processing personal data in biomedical research","authors":"Marcu Florea","doi":"10.1093/idpl/ipad008","DOIUrl":"https://doi.org/10.1093/idpl/ipad008","url":null,"abstract":"In the context of biomedical research, consent is both a ground for the lawful processing of personal data and a bioethical requirement for participation in scientific research projects. While the conditions for obtaining valid consent are extensively discussed in legal and bioethical literature, withdrawal of consent has received considerably less attention. According to the EU General Data Protection Regulation (GDPR), data subjects have the right to withdraw their consent at any time, but the duties of the entities processing personal data are not clearly defined in the text of the Regulation. Pursuant to Article 7 GDPR, withdrawal ‘shall not affect the lawfulness of processing based on consent before its withdrawal’, but there is no clear specification of the rules governing what happens after this moment. The assumption underlying this article is that a participant expresses a valid consent for the collection and processing of personal data and, at a certain point during the research life-cycle, decides to withdraw her/his consent. This decision would, prima facie, result in an obligation of the data controller to cease processing the data. However, when more closely examined, there are practical, legal, and ethical reasons for why this might not always be the optimal solution. Stopping the processing after receiving a withdrawal request is not an absolute mandate. Pursuant to the GDPR, consent is one","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"14 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74446977","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Post-‘Lee-Luda’ personal information protection in Korea: developer responsibility and autonomous AI governance","authors":"C. Jung, Hyunghwan Joo","doi":"10.1093/idpl/ipad006","DOIUrl":"https://doi.org/10.1093/idpl/ipad006","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"83 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-04-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88997585","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Correction to: Unpacking data: China’s ‘bundle of rights’ approach to the commercialization of data","authors":"","doi":"10.1093/idpl/ipad005","DOIUrl":"https://doi.org/10.1093/idpl/ipad005","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"42 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2023-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"86557010","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}