In the absence of international standards for the processing of personal data, the European Union (EU) is seeking to create an effective system for data protection within its sphere of interest. As ...
{"title":"Global applicability of the GDPR in context","authors":"Claes Granmar","doi":"10.1093/IDPL/IPAB012","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB012","url":null,"abstract":"In the absence of international standards for the processing of personal data, the European Union (EU) is seeking to create an effective system for data protection within its sphere of interest. As ...","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"51 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-06-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90986357","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Nigerian Data Protection Regulation 2019 and data protection in biobank research","authors":"S. Akintola, Dorcas Akinpelu","doi":"10.1093/IDPL/IPAB011","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB011","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"177 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-05-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72535285","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Do AI-based anti-money laundering (AML) systems violate European fundamental rights?","authors":"Astrid Bertrand, Winston Maxwell, Xavier Vamparys","doi":"10.1093/IDPL/IPAB010","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB010","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"404 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-04-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"76533175","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Australia’s ‘COVIDSafe’ law for contact tracing: an experiment in surveillance and trust","authors":"G. Greenleaf, Katharine Kemp","doi":"10.1093/IDPL/IPAB009","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB009","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"96 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75985313","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fit for purpose? Affective Computing meets EU data protection law","authors":"Andreas Häuselmann","doi":"10.1093/IDPL/IPAB008","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB008","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"40 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-03-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87381334","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Abstract • This article analyses data-driven measures used in South America to mitigate the impact of COVID-19. Based on a broad review of relevant programmes in the region three selected cases from Argentina (Cuidar App), Brazil (use of personal data by IBGE), and Chile (CoronApp) are evaluated against best regional and international practices. • Our findings suggest that programmes in South America mirror approaches in other global regions and as such face many similar challenges. There is no clearly defined purpose, a lack of transparency, and the need for readjustment soon after initial development. • While the region is heavily affected by COVID-19, the three case-studies analysed demonstrate that policy makers in the region failed to establish trust in the measures. This can be deducted from low penetration rates of the programmes in Argentina and Chile. • Finally, there are serious concerns regarding the long-term impact of these programmes upon human rights (especially privacy) and human dignity.
{"title":"Data-driven measures to mitigate the impact of COVID-19 in South America: how do regional programmes compare to best practice?","authors":"T. Blauth, O. Gstrein","doi":"10.1093/idpl/ipab002","DOIUrl":"https://doi.org/10.1093/idpl/ipab002","url":null,"abstract":"Abstract • This article analyses data-driven measures used in South America to mitigate the impact of COVID-19. Based on a broad review of relevant programmes in the region three selected cases from Argentina (Cuidar App), Brazil (use of personal data by IBGE), and Chile (CoronApp) are evaluated against best regional and international practices. • Our findings suggest that programmes in South America mirror approaches in other global regions and as such face many similar challenges. There is no clearly defined purpose, a lack of transparency, and the need for readjustment soon after initial development. • While the region is heavily affected by COVID-19, the three case-studies analysed demonstrate that policy makers in the region failed to establish trust in the measures. This can be deducted from low penetration rates of the programmes in Argentina and Chile. • Finally, there are serious concerns regarding the long-term impact of these programmes upon human rights (especially privacy) and human dignity.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"26 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81006540","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This article investigates an under-discussed and potentially significant provision in the EU General Data Protection Regulation, namely Article 9(2)(e), which permits processing of special category personal data if the “processing relates to personal data which are manifestly made public by the data subject”. We specifically consider the application of this provision in the context of genetic data and open data sharing (i.e. data that can be freely used, re-used, and redistributed by anyone), illustrating this by way of several cases of initiatives that seek to share genetic data. We query whether by uploading one’s own genetic data onto the internet, a person has made their data “manifestly public” within the meaning of the GDPR. Our response to this query is that in general, the answer should be no, but it remains possible. We argue that Article 9(2)(e) must be construed narrowly; outside of clearly defined contexts, it would be legally inappropriate to invoke and rely upon this manifestly public self-disclosure exception in data protection law. Our narrow interpretation of the provision aligns with the limited guidance made available from data protection authorities. As part of this argument, we propose a legal test that must be satisfied before Article 9(2)(e) may be lawfully invoked, grounded in the intent of the data subject.
{"title":"What does it mean for a data subject to make their personal data ‘manifestly public’? An analysis of GDPR Article 9(2)(e)","authors":"E. Dove, Jiahong Chen","doi":"10.1093/IDPL/IPAB005","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB005","url":null,"abstract":"This article investigates an under-discussed and potentially significant provision in the EU General Data Protection Regulation, namely Article 9(2)(e), which permits processing of special category personal data if the “processing relates to personal data which are manifestly made public by the data subject”. We specifically consider the application of this provision in the context of genetic data and open data sharing (i.e. data that can be freely used, re-used, and redistributed by anyone), illustrating this by way of several cases of initiatives that seek to share genetic data. We query whether by uploading one’s own genetic data onto the internet, a person has made their data “manifestly public” within the meaning of the GDPR. Our response to this query is that in general, the answer should be no, but it remains possible. We argue that Article 9(2)(e) must be construed narrowly; outside of clearly defined contexts, it would be legally inappropriate to invoke and rely upon this manifestly public self-disclosure exception in data protection law. Our narrow interpretation of the provision aligns with the limited guidance made available from data protection authorities. As part of this argument, we propose a legal test that must be satisfied before Article 9(2)(e) may be lawfully invoked, grounded in the intent of the data subject.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"18 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83700013","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
� Ethics is seen as a critical resource for data law. But beyond this almost slogan-like truism, the exact functions which ethics might play in data law are often left unclear. This contribution clarifies the ways in which data ethics and data law are intertwined and, on this basis, offers guidelines for practitioners in terms of interpreting the GDPR. Two types of norms allow for modulation between the law and ethics of data. The first type of norms is the ‘principles’ of the GDPR. Ethical resources can be used for the interpretation of these norms using a Rawlsian reflective equilibrium approach. The second type of norms is evaluative judgment norms, the most well-known of which derive from the characteristically risk-based responsibility that the GDPR bestows on controllers. For these evaluative norms, ethical resources could be used in three different functions: as a tool for the identification and assessment of risks, as a resource for improving data controller processes, and as the basis for the codes of conduct foreseen by the GDPR. These three potential modulations between ethics and the law of data help controllers of data make sense of their responsibilities in light of the GDPR’s requirements.
{"title":"Ethics in the GDPR: A Blueprint for Applied Legal Theory","authors":"J. Rochel","doi":"10.1093/IDPL/IPAB007","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB007","url":null,"abstract":"\u0000 Ethics is seen as a critical resource for data law. But beyond this almost slogan-like truism, the exact functions which ethics might play in data law are often left unclear. This contribution clarifies the ways in which data ethics and data law are intertwined and, on this basis, offers guidelines for practitioners in terms of interpreting the GDPR. Two types of norms allow for modulation between the law and ethics of data. The first type of norms is the ‘principles’ of the GDPR. Ethical resources can be used for the interpretation of these norms using a Rawlsian reflective equilibrium approach. The second type of norms is evaluative judgment norms, the most well-known of which derive from the characteristically risk-based responsibility that the GDPR bestows on controllers. For these evaluative norms, ethical resources could be used in three different functions: as a tool for the identification and assessment of risks, as a resource for improving data controller processes, and as the basis for the codes of conduct foreseen by the GDPR. These three potential modulations between ethics and the law of data help controllers of data make sense of their responsibilities in light of the GDPR’s requirements.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"7 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89097544","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Data protection and social emergency in Latin America: COVID-19, a stress test for democracy, innovation, and regulation","authors":"Luca Belli, N. Zingales","doi":"10.1093/IDPL/IPAB006","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB006","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"35 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-02-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87459096","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Privacy, personal data protection, and freedom of expression under quarantine? The Peruvian experience","authors":"Andres Calderon, Susana Gonzales, A. Ruiz","doi":"10.1093/IDPL/IPAB003","DOIUrl":"https://doi.org/10.1093/IDPL/IPAB003","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"1 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2021-02-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83079709","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: