Opening remarks given at the online conference on the GDPR and international organizations held on 26 February 2021: I am delighted to take part in this online conference. It reminds me of some things I did during my time as the European Data Protection Supervisor (EDPS) and also of an event 4 years ago at UN Headquarters in New York, organized by the IAPP (International Association of Privacy Professionals), and UN Global Pulse, an initiative of the Secretary General of the United Nations to use big data and artificial intelligence for sustainable development, humanitarian action, and global peace. During that event on ‘Data Ethics’, we spent a full day on how ‘responsible data processing’ and ‘data privacy’ could be made an integral part of any such activities by international organizations (IOs), in the countries involved and at global level. In other words, the relevance of today’s event is obvious to me and it also raises interesting legal issues and practical challenges, which we will be discussing today.
在2021年2月26日举行的《通用数据保护条例》与国际组织在线会议上的致辞:我很高兴参加这次在线会议。这让我想起了我在担任欧洲数据保护主管(EDPS)期间所做的一些事情,也让我想起了4年前在纽约联合国总部举办的一场活动,该活动由国际隐私专业人员协会(IAPP)和联合国全球脉动(UN Global Pulse)组织,后者是联合国秘书长发起的一项倡议,旨在利用大数据和人工智能促进可持续发展、人道主义行动和全球和平。在关于“数据道德”的活动中,我们花了一整天的时间讨论如何让“负责任的数据处理”和“数据隐私”成为国际组织(IOs)在相关国家和全球范围内开展的此类活动的组成部分。换句话说,今天事件的相关性对我来说是显而易见的,它也提出了有趣的法律问题和实际挑战,这是我们今天将要讨论的。
{"title":"Data protection and international organizations: a dialogue between EU law and international law","authors":"P. Hustinx","doi":"10.1093/IDPL/IPAB015","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB015","url":null,"abstract":"Opening remarks given at the online conference on the GDPR and international organizations held on 26 February 2021: I am delighted to take part in this online conference. It reminds me of some things I did during my time as the European Data Protection Supervisor (EDPS) and also of an event 4 years ago at UN Headquarters in New York, organized by the IAPP (International Association of Privacy Professionals), and UN Global Pulse, an initiative of the Secretary General of the United Nations to use big data and artificial intelligence for sustainable development, humanitarian action, and global peace. During that event on ‘Data Ethics’, we spent a full day on how ‘responsible data processing’ and ‘data privacy’ could be made an integral part of any such activities by international organizations (IOs), in the countries involved and at global level. In other words, the relevance of today’s event is obvious to me and it also raises interesting legal issues and practical challenges, which we will be discussing today.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"27 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81500929","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A certain standard of protection for international transfers of personal data under the GDPR","authors":"Zuzanna Gulczyńska","doi":"10.1093/IDPL/IPAB013","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB013","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"17 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83618375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In the absence of international standards for the processing of personal data, the European Union (EU) is seeking to create an effective system for data protection within its sphere of interest. As ...
{"title":"Global applicability of the GDPR in context","authors":"Claes Granmar","doi":"10.1093/IDPL/IPAB012","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB012","url":null,"abstract":"In the absence of international standards for the processing of personal data, the European Union (EU) is seeking to create an effective system for data protection within its sphere of interest. As ...","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"51 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90986357","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Nigerian Data Protection Regulation 2019 and data protection in biobank research","authors":"S. Akintola, Dorcas Akinpelu","doi":"10.1093/IDPL/IPAB011","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB011","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"177 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-05-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72535285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Do AI-based anti-money laundering (AML) systems violate European fundamental rights?","authors":"Astrid Bertrand, Winston Maxwell, Xavier Vamparys","doi":"10.1093/IDPL/IPAB010","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB010","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"404 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76533175","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Australia’s ‘COVIDSafe’ law for contact tracing: an experiment in surveillance and trust","authors":"G. Greenleaf, Katharine Kemp","doi":"10.1093/IDPL/IPAB009","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB009","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"96 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75985313","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fit for purpose? Affective Computing meets EU data protection law","authors":"Andreas Häuselmann","doi":"10.1093/IDPL/IPAB008","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB008","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"40 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87381334","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract • This article analyses data-driven measures used in South America to mitigate the impact of COVID-19. Based on a broad review of relevant programmes in the region three selected cases from Argentina (Cuidar App), Brazil (use of personal data by IBGE), and Chile (CoronApp) are evaluated against best regional and international practices. • Our findings suggest that programmes in South America mirror approaches in other global regions and as such face many similar challenges. There is no clearly defined purpose, a lack of transparency, and the need for readjustment soon after initial development. • While the region is heavily affected by COVID-19, the three case-studies analysed demonstrate that policy makers in the region failed to establish trust in the measures. This can be deducted from low penetration rates of the programmes in Argentina and Chile. • Finally, there are serious concerns regarding the long-term impact of these programmes upon human rights (especially privacy) and human dignity.
{"title":"Data-driven measures to mitigate the impact of COVID-19 in South America: how do regional programmes compare to best practice?","authors":"T. Blauth, O. Gstrein","doi":"10.1093/idpl/ipab002","DOIUrl":"https://doi.org/10.1093/idpl/ipab002","url":null,"abstract":"Abstract • This article analyses data-driven measures used in South America to mitigate the impact of COVID-19. Based on a broad review of relevant programmes in the region three selected cases from Argentina (Cuidar App), Brazil (use of personal data by IBGE), and Chile (CoronApp) are evaluated against best regional and international practices. • Our findings suggest that programmes in South America mirror approaches in other global regions and as such face many similar challenges. There is no clearly defined purpose, a lack of transparency, and the need for readjustment soon after initial development. • While the region is heavily affected by COVID-19, the three case-studies analysed demonstrate that policy makers in the region failed to establish trust in the measures. This can be deducted from low penetration rates of the programmes in Argentina and Chile. • Finally, there are serious concerns regarding the long-term impact of these programmes upon human rights (especially privacy) and human dignity.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"26 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81006540","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article investigates an under-discussed and potentially significant provision in the EU General Data Protection Regulation, namely Article 9(2)(e), which permits processing of special category personal data if the “processing relates to personal data which are manifestly made public by the data subject”. We specifically consider the application of this provision in the context of genetic data and open data sharing (i.e. data that can be freely used, re-used, and redistributed by anyone), illustrating this by way of several cases of initiatives that seek to share genetic data. We query whether by uploading one’s own genetic data onto the internet, a person has made their data “manifestly public” within the meaning of the GDPR. Our response to this query is that in general, the answer should be no, but it remains possible. We argue that Article 9(2)(e) must be construed narrowly; outside of clearly defined contexts, it would be legally inappropriate to invoke and rely upon this manifestly public self-disclosure exception in data protection law. Our narrow interpretation of the provision aligns with the limited guidance made available from data protection authorities. As part of this argument, we propose a legal test that must be satisfied before Article 9(2)(e) may be lawfully invoked, grounded in the intent of the data subject.
{"title":"What does it mean for a data subject to make their personal data ‘manifestly public’? An analysis of GDPR Article 9(2)(e)","authors":"E. Dove, Jiahong Chen","doi":"10.1093/IDPL/IPAB005","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB005","url":null,"abstract":"This article investigates an under-discussed and potentially significant provision in the EU General Data Protection Regulation, namely Article 9(2)(e), which permits processing of special category personal data if the “processing relates to personal data which are manifestly made public by the data subject”. We specifically consider the application of this provision in the context of genetic data and open data sharing (i.e. data that can be freely used, re-used, and redistributed by anyone), illustrating this by way of several cases of initiatives that seek to share genetic data. We query whether by uploading one’s own genetic data onto the internet, a person has made their data “manifestly public” within the meaning of the GDPR. Our response to this query is that in general, the answer should be no, but it remains possible. We argue that Article 9(2)(e) must be construed narrowly; outside of clearly defined contexts, it would be legally inappropriate to invoke and rely upon this manifestly public self-disclosure exception in data protection law. Our narrow interpretation of the provision aligns with the limited guidance made available from data protection authorities. As part of this argument, we propose a legal test that must be satisfied before Article 9(2)(e) may be lawfully invoked, grounded in the intent of the data subject.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"18 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83700013","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
� Ethics is seen as a critical resource for data law. But beyond this almost slogan-like truism, the exact functions which ethics might play in data law are often left unclear. This contribution clarifies the ways in which data ethics and data law are intertwined and, on this basis, offers guidelines for practitioners in terms of interpreting the GDPR. Two types of norms allow for modulation between the law and ethics of data. The first type of norms is the ‘principles’ of the GDPR. Ethical resources can be used for the interpretation of these norms using a Rawlsian reflective equilibrium approach. The second type of norms is evaluative judgment norms, the most well-known of which derive from the characteristically risk-based responsibility that the GDPR bestows on controllers. For these evaluative norms, ethical resources could be used in three different functions: as a tool for the identification and assessment of risks, as a resource for improving data controller processes, and as the basis for the codes of conduct foreseen by the GDPR. These three potential modulations between ethics and the law of data help controllers of data make sense of their responsibilities in light of the GDPR’s requirements.
{"title":"Ethics in the GDPR: A Blueprint for Applied Legal Theory","authors":"J. Rochel","doi":"10.1093/IDPL/IPAB007","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB007","url":null,"abstract":"\u0000 Ethics is seen as a critical resource for data law. But beyond this almost slogan-like truism, the exact functions which ethics might play in data law are often left unclear. This contribution clarifies the ways in which data ethics and data law are intertwined and, on this basis, offers guidelines for practitioners in terms of interpreting the GDPR. Two types of norms allow for modulation between the law and ethics of data. The first type of norms is the ‘principles’ of the GDPR. Ethical resources can be used for the interpretation of these norms using a Rawlsian reflective equilibrium approach. The second type of norms is evaluative judgment norms, the most well-known of which derive from the characteristically risk-based responsibility that the GDPR bestows on controllers. For these evaluative norms, ethical resources could be used in three different functions: as a tool for the identification and assessment of risks, as a resource for improving data controller processes, and as the basis for the codes of conduct foreseen by the GDPR. These three potential modulations between ethics and the law of data help controllers of data make sense of their responsibilities in light of the GDPR’s requirements.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"7 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89097544","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: