{"title":"To track or not to track? Employees’ data privacy in the age of corporate wellness, mobile health, and GDPR†","authors":"C. B. Olsen","doi":"10.1093/idpl/ipaa004","DOIUrl":"https://doi.org/10.1093/idpl/ipaa004","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"6 1","pages":"236-252"},"PeriodicalIF":2.1,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91336659","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Data portability rights are viewed by policymakers worldwide as a significant legal innovation to stimulate competitive digital economies. These rights allow consumers and businesses to seamlessly receive and transfer data for commercialization and efficiency purposes. The newly implemented Australian Consumer Data Right (CDR) provides an illuminating example of the complex relationship between information privacy and competition law which is central to data portability initiatives. The CDR grants consumers and businesses access and transfer rights for consumer data in the Australian banking, energy, and telecommunications sectors, through the implementation of mandated API standards. There are three policy vectors at the heart of the CDR that parallel previous Australian, UK, and EU data portability developments. They are the type of regulated data covered by the CDR scheme, privacy and security protections and the overarching regulatory framework. We argue that the CDR, and its antecedents, primarily construct data portability as a competition law measure. However, while the general policy intention of the CDR is clear, we contend that the scheme reveals an uncertain role for information privacy law as part of its operation. Uncertainty is evident in how policymakers have considered the information privacy law issues inherent in the three policy vectors. We contend that the CDR could give rise to definitional problems with regulated data, duplicated privacy and security protections and a conceptually challenging regulatory framework. In conclusion, we suggest potential solutions that would assist with the operation of the CDR within Australia’s broader information privacy law framework, governed by the Privacy Act 1988 (Cth), which would also better align with the General Data Protection Regulation (GDPR).
{"title":"Australia’s Consumer Data Right and the uncertain role of information privacy law","authors":"Mark Burdon, Tom Mackie","doi":"10.1093/idpl/ipaa008","DOIUrl":"https://doi.org/10.1093/idpl/ipaa008","url":null,"abstract":"Data portability rights are viewed by policymakers worldwide as a significant legal innovation to stimulate competitive digital economies. These rights allow consumers and businesses to seamlessly receive and transfer data for commercialization and efficiency purposes. The newly implemented Australian Consumer Data Right (CDR) provides an illuminating example of the complex relationship between information privacy and competition law which is central to data portability initiatives. The CDR grants consumers and businesses access and transfer rights for consumer data in the Australian banking, energy, and telecommunications sectors, through the implementation of mandated API standards. There are three policy vectors at the heart of the CDR that parallel previous Australian, UK, and EU data portability developments. They are the type of regulated data covered by the CDR scheme, privacy and security protections and the overarching regulatory framework. We argue that the CDR, and its antecedents, primarily construct data portability as a competition law measure. However, while the general policy intention of the CDR is clear, we contend that the scheme reveals an uncertain role for information privacy law as part of its operation. Uncertainty is evident in how policymakers have considered the information privacy law issues inherent in the three policy vectors. We contend that the CDR could give rise to definitional problems with regulated data, duplicated privacy and security protections and a conceptually challenging regulatory framework. In conclusion, we suggest potential solutions that would assist with the operation of the CDR within Australia’s broader information privacy law framework, governed by the Privacy Act 1988 (Cth), which would also better align with the General Data Protection Regulation (GDPR).","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"13 1","pages":"222-235"},"PeriodicalIF":2.1,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85503740","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Governing machine-learning models: challenging the personal data presumption","authors":"M. Leiser, F. Dechesne","doi":"10.1093/idpl/ipaa009","DOIUrl":"https://doi.org/10.1093/idpl/ipaa009","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"8 1","pages":"187-200"},"PeriodicalIF":2.1,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84188187","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The EU and the US kicked off negotiations in September 2019 for the conclusion of a very important agreement on LEA access to data. This is the first article to present the context of these negotiations and the numerous challenges surrounding them. �There are strong divergences between the EU and the US about what the scope and the architecture of this agreement should be. The US government supports the conclusion of a “framework agreement” with the EU to be followed by bilateral agreements with EU Member States – in order to satisfy CLOUD Act requirements. The EU wishes to arrive at a self-standing, EU-wide comprehensive agreement and is opposed to solutions that might lead to fragmentation and unequal treatment between EU Member States. �This article presents a detailed EU Law perspective on all these issues, and refers to relevant precedents concerning the conclusion of law enforcement, data-related or other international agreements. It discusses the division of competence on e-evidence between the EU and its Members States; possible architecture for the agreement and options under EU Law; and the role of the respective European Institutions (Commission, Council, Parliament) in the negotiation and conclusion of such an agreement. �The article also studies, using existing case law, what the role of the CJEU could be in relation to such an EU-US e-evidence Agreement. �The article will be useful to anyone interested in transatlantic data flows as well as judicial cooperation matters and, beyond its specific scope, could be used as a real “guide” to EU Law procedures, options and precedents in relation to the conclusion of international data-related agreements. � �NB: This is a pre-copyedited, preprint version of an article accepted for publication in International Data Privacy Law following peer review. The final and updated version will be published here: https://academic.oup.com/idpl. The final version also includes a post-scriptum examining what the effects could be of the July 16th, 2020 Schrems II Judgment of the CJEU on the ongoing EU-US negotiations, as well as the relevance of the October 6th, 2020 data retention/collection judgments of the CJEU.
{"title":"EU–US negotiations on law enforcement access to data: divergences, challenges and EU law procedures and options","authors":"T. Christakis, Fabien Terpan","doi":"10.1093/IDPL/IPAA022","DOIUrl":"https://doi.org/10.1093/IDPL/IPAA022","url":null,"abstract":"The EU and the US kicked off negotiations in September 2019 for the conclusion of a very important agreement on LEA access to data. This is the first article to present the context of these negotiations and the numerous challenges surrounding them. \u0000There are strong divergences between the EU and the US about what the scope and the architecture of this agreement should be. The US government supports the conclusion of a “framework agreement” with the EU to be followed by bilateral agreements with EU Member States – in order to satisfy CLOUD Act requirements. The EU wishes to arrive at a self-standing, EU-wide comprehensive agreement and is opposed to solutions that might lead to fragmentation and unequal treatment between EU Member States. \u0000This article presents a detailed EU Law perspective on all these issues, and refers to relevant precedents concerning the conclusion of law enforcement, data-related or other international agreements. It discusses the division of competence on e-evidence between the EU and its Members States; possible architecture for the agreement and options under EU Law; and the role of the respective European Institutions (Commission, Council, Parliament) in the negotiation and conclusion of such an agreement. \u0000The article also studies, using existing case law, what the role of the CJEU could be in relation to such an EU-US e-evidence Agreement. \u0000The article will be useful to anyone interested in transatlantic data flows as well as judicial cooperation matters and, beyond its specific scope, could be used as a real “guide” to EU Law procedures, options and precedents in relation to the conclusion of international data-related agreements. \u0000 \u0000NB: This is a pre-copyedited, preprint version of an article accepted for publication in International Data Privacy Law following peer review. The final and updated version will be published here: https://academic.oup.com/idpl. The final version also includes a post-scriptum examining what the effects could be of the July 16th, 2020 Schrems II Judgment of the CJEU on the ongoing EU-US negotiations, as well as the relevance of the October 6th, 2020 data retention/collection judgments of the CJEU.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"7 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2020-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89336391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Protecting information rights in South Africa: the strategic oversight roles of the South African Human Rights Commission and the Information Regulator","authors":"R. Adams, F. Adeleke","doi":"10.1093/idpl/ipz022","DOIUrl":"https://doi.org/10.1093/idpl/ipz022","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"113 1","pages":"146-159"},"PeriodicalIF":2.1,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79403434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
C. Staunton, R. Adams, Dominique Anderson, Talishiea Croxton, Dorcas Kamuya, M. Munene, C. Swanepoel
• The Protection of Personal Information Act (POPIA) [No.4 of 2013] is the first comprehensive data protection regulation to be passed in South Africa and it gives effect to the right to informational privacy derived from the constitutional right to privacy. �• It is due to come into force in 2020, and seeks to regulate the processing of personal information in South Africa, regulate the flow of personal information across South Africa’s borders, and ensure that any limitations on the right to privacy are justified and aimed at protecting other important rights and interests. �• Although it was not drafted with health research in mind, POPIA will have an impact on the sharing of health data for research, in particular biorepositories. �• It is now timely to consider the impact of POPIA on biorepositories, and the necessary changes to their access and sharing arrangements prior to POPIA coming into force.
{"title":"Protection of Personal Information Act 2013 and data protection for health research in South Africa","authors":"C. Staunton, R. Adams, Dominique Anderson, Talishiea Croxton, Dorcas Kamuya, M. Munene, C. Swanepoel","doi":"10.1093/idpl/ipz024","DOIUrl":"https://doi.org/10.1093/idpl/ipz024","url":null,"abstract":"• The Protection of Personal Information Act (POPIA) [No.4 of 2013] is the first comprehensive data protection regulation to be passed in South Africa and it gives effect to the right to informational privacy derived from the constitutional right to privacy. \u0000• It is due to come into force in 2020, and seeks to regulate the processing of personal information in South Africa, regulate the flow of personal information across South Africa’s borders, and ensure that any limitations on the right to privacy are justified and aimed at protecting other important rights and interests. \u0000• Although it was not drafted with health research in mind, POPIA will have an impact on the sharing of health data for research, in particular biorepositories. \u0000• It is now timely to consider the impact of POPIA on biorepositories, and the necessary changes to their access and sharing arrangements prior to POPIA coming into force.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"103 1","pages":"160-179"},"PeriodicalIF":2.1,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77917544","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Biobanking and data transfer between the EU and Cape Verde, Mauritius, Morocco, Senegal, and Tunisia: adequacy considerations and Convention 108","authors":"S. Slokenberga","doi":"10.1093/IDPL/IPAA006","DOIUrl":"https://doi.org/10.1093/IDPL/IPAA006","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"530 1","pages":"132-145"},"PeriodicalIF":2.1,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77695237","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Regulating health research and respecting data protection: a global dialogue","authors":"N. Ni Loideain","doi":"10.1093/idpl/ipaa010","DOIUrl":"https://doi.org/10.1093/idpl/ipaa010","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"20 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84638895","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dominique Anderson, Oluwafemi Peter Abiodun, A. Christoffels
{"title":"Information security at South African universities—implications for biomedical research","authors":"Dominique Anderson, Oluwafemi Peter Abiodun, A. Christoffels","doi":"10.1093/idpl/ipaa007","DOIUrl":"https://doi.org/10.1093/idpl/ipaa007","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"38 1","pages":"180-186"},"PeriodicalIF":2.1,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72798449","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Key Points: * Global data flows underpinning cross-border digital trade have moved centre stage in international trade negotiations. New trade law disciplines on the free flow of data are included in a number of international trade deals. * The European Union (EU) has a key role to play in the global governance of the protection of personal data. The EU’s strict data protection regime has sometimes been framed as a digital trade barrier. * This article juxtaposes the EU’s governance of fundamental rights to privacy and data protection with external trade policy on cross-border data flows. * The process of aligning EU’s normative approach to personal data protection with its external trade policy has been, until very recently, riddled with contradictions. * The article concludes with an assessment of the EU’s recent horizontal strategy on cross-border data flows and personal data protection in trade and investment agreements, which aims to align EU external policy.
{"title":"Pitching trade against privacy: reconciling EU governance of personal data flows with external trade","authors":"Svetlana Yakovleva, Kristina Irion","doi":"10.1093/idpl/ipaa003","DOIUrl":"https://doi.org/10.1093/idpl/ipaa003","url":null,"abstract":"Key Points: * Global data flows underpinning cross-border digital trade have moved centre stage in international trade negotiations. New trade law disciplines on the free flow of data are included in a number of international trade deals. * The European Union (EU) has a key role to play in the global governance of the protection of personal data. The EU’s strict data protection regime has sometimes been framed as a digital trade barrier. * This article juxtaposes the EU’s governance of fundamental rights to privacy and data protection with external trade policy on cross-border data flows. * The process of aligning EU’s normative approach to personal data protection with its external trade policy has been, until very recently, riddled with contradictions. * The article concludes with an assessment of the EU’s recent horizontal strategy on cross-border data flows and personal data protection in trade and investment agreements, which aims to align EU external policy.","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"3 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2020-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85649316","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: