In early 2020, South Korea’s legislature made amendments to major laws in the area of data protection in order to, among other things, promote the utilization of pseudonymised personal data. With these amendments, pseudonymised personal data can be processed, without consent from data subjects, for archiving purposes, scientific research purposes, or statistical purposes. Arguably, these amendments are largely inspired by the relevant provisions contained in the EU GDPR, although details differ between GDPR and South Korea’s amended statutes. One unique aspect of South Korea’s amended statutes is that they introduce a scheme under which designated agencies carry out the task of combining pseudonymised data that different entities possess.
{"title":"How to de-identify personal data in South Korea: an evolutionary tale","authors":"Haksoo Ko","doi":"10.1093/idpl/ipaa015","DOIUrl":"https://doi.org/10.1093/idpl/ipaa015","url":null,"PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"8 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2020-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80530073","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Mere access to personal data: is it processing?","authors":"A. Schreiber","doi":"10.1093/idpl/ipaa005","DOIUrl":"https://doi.org/10.1093/idpl/ipaa005","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"113 1","pages":"269-277"},"PeriodicalIF":2.1,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84900166","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"To track or not to track? Employees’ data privacy in the age of corporate wellness, mobile health, and GDPR†","authors":"C. B. Olsen","doi":"10.1093/idpl/ipaa004","DOIUrl":"https://doi.org/10.1093/idpl/ipaa004","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"6 1","pages":"236-252"},"PeriodicalIF":2.1,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91336659","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Governing machine-learning models: challenging the personal data presumption","authors":"M. Leiser, F. Dechesne","doi":"10.1093/idpl/ipaa009","DOIUrl":"https://doi.org/10.1093/idpl/ipaa009","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"8 1","pages":"187-200"},"PeriodicalIF":2.1,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84188187","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Data portability rights are viewed by policymakers worldwide as a significant legal innovation to stimulate competitive digital economies. These rights allow consumers and businesses to seamlessly receive and transfer data for commercialization and efficiency purposes. The newly implemented Australian Consumer Data Right (CDR) provides an illuminating example of the complex relationship between information privacy and competition law which is central to data portability initiatives. The CDR grants consumers and businesses access and transfer rights for consumer data in the Australian banking, energy, and telecommunications sectors, through the implementation of mandated API standards. There are three policy vectors at the heart of the CDR that parallel previous Australian, UK, and EU data portability developments. They are the type of regulated data covered by the CDR scheme, privacy and security protections and the overarching regulatory framework. We argue that the CDR, and its antecedents, primarily construct data portability as a competition law measure. However, while the general policy intention of the CDR is clear, we contend that the scheme reveals an uncertain role for information privacy law as part of its operation. Uncertainty is evident in how policymakers have considered the information privacy law issues inherent in the three policy vectors. We contend that the CDR could give rise to definitional problems with regulated data, duplicated privacy and security protections and a conceptually challenging regulatory framework. In conclusion, we suggest potential solutions that would assist with the operation of the CDR within Australia’s broader information privacy law framework, governed by the Privacy Act 1988 (Cth), which would also better align with the General Data Protection Regulation (GDPR).
{"title":"Australia’s Consumer Data Right and the uncertain role of information privacy law","authors":"Mark Burdon, Tom Mackie","doi":"10.1093/idpl/ipaa008","DOIUrl":"https://doi.org/10.1093/idpl/ipaa008","url":null,"PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"13 1","pages":"222-235"},"PeriodicalIF":2.1,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85503740","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The EU and the US kicked off negotiations in September 2019 for the conclusion of a very important agreement on LEA access to data. This is the first article to present the context of these negotiations and the numerous challenges surrounding them. There are strong divergences between the EU and the US about what the scope and the architecture of this agreement should be. The US government supports the conclusion of a “framework agreement” with the EU to be followed by bilateral agreements with EU Member States – in order to satisfy CLOUD Act requirements. The EU wishes to arrive at a self-standing, EU-wide comprehensive agreement and is opposed to solutions that might lead to fragmentation and unequal treatment between EU Member States. This article presents a detailed EU Law perspective on all these issues, and refers to relevant precedents concerning the conclusion of law enforcement, data-related or other international agreements. It discusses the division of competence on e-evidence between the EU and its Member States; possible architecture for the agreement and options under EU Law; and the role of the respective European Institutions (Commission, Council, Parliament) in the negotiation and conclusion of such an agreement. The article also studies, using existing case law, what the role of the CJEU could be in relation to such an EU-US e-evidence Agreement. The article will be useful to anyone interested in transatlantic data flows as well as judicial cooperation matters and, beyond its specific scope, could be used as a real “guide” to EU Law procedures, options and precedents in relation to the conclusion of international data-related agreements. NB: This is a pre-copyedited, preprint version of an article accepted for publication in International Data Privacy Law following peer review. The final and updated version will be published here: https://academic.oup.com/idpl. 
The final version also includes a post-scriptum examining what the effects could be of the July 16th, 2020 Schrems II Judgment of the CJEU on the ongoing EU-US negotiations, as well as the relevance of the October 6th, 2020 data retention/collection judgments of the CJEU.
{"title":"EU–US negotiations on law enforcement access to data: divergences, challenges and EU law procedures and options","authors":"T. Christakis, Fabien Terpan","doi":"10.1093/IDPL/IPAA022","DOIUrl":"https://doi.org/10.1093/IDPL/IPAA022","url":null,"PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"7 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2020-06-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89336391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Protecting information rights in South Africa: the strategic oversight roles of the South African Human Rights Commission and the Information Regulator","authors":"R. Adams, F. Adeleke","doi":"10.1093/idpl/ipz022","DOIUrl":"https://doi.org/10.1093/idpl/ipz022","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"113 1","pages":"146-159"},"PeriodicalIF":2.1,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79403434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
C. Staunton, R. Adams, Dominique Anderson, Talishiea Croxton, Dorcas Kamuya, M. Munene, C. Swanepoel
• The Protection of Personal Information Act (POPIA) [No.4 of 2013] is the first comprehensive data protection regulation to be passed in South Africa and it gives effect to the right to informational privacy derived from the constitutional right to privacy.
• It is due to come into force in 2020, and seeks to regulate the processing of personal information in South Africa, regulate the flow of personal information across South Africa’s borders, and ensure that any limitations on the right to privacy are justified and aimed at protecting other important rights and interests.
• Although it was not drafted with health research in mind, POPIA will have an impact on the sharing of health data for research, in particular biorepositories.
• It is now timely to consider the impact of POPIA on biorepositories, and the necessary changes to their access and sharing arrangements prior to POPIA coming into force.
{"title":"Protection of Personal Information Act 2013 and data protection for health research in South Africa","authors":"C. Staunton, R. Adams, Dominique Anderson, Talishiea Croxton, Dorcas Kamuya, M. Munene, C. Swanepoel","doi":"10.1093/idpl/ipz024","DOIUrl":"https://doi.org/10.1093/idpl/ipz024","url":null,"PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"103 1","pages":"160-179"},"PeriodicalIF":2.1,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77917544","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Biobanking and data transfer between the EU and Cape Verde, Mauritius, Morocco, Senegal, and Tunisia: adequacy considerations and Convention 108","authors":"S. Slokenberga","doi":"10.1093/IDPL/IPAA006","DOIUrl":"https://doi.org/10.1093/IDPL/IPAA006","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"530 1","pages":"132-145"},"PeriodicalIF":2.1,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77695237","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Regulating health research and respecting data protection: a global dialogue","authors":"N. Ni Loideain","doi":"10.1093/idpl/ipaa010","DOIUrl":"https://doi.org/10.1093/idpl/ipaa010","url":null,"abstract":"","PeriodicalId":51749,"journal":{"name":"International Data Privacy Law","volume":"20 1","pages":""},"PeriodicalIF":2.1,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84638895","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}