设计和默认的数据保护:解读欧盟的立法要求

Q2 Social Sciences Oslo Law Review Pub Date : 2017-06-20 DOI:10.18261/ISSN.2387-3299-2017-02-03
L. Bygrave
{"title":"设计和默认的数据保护:解读欧盟的立法要求","authors":"L. Bygrave","doi":"10.18261/ISSN.2387-3299-2017-02-03","DOIUrl":null,"url":null,"abstract":"In this paper, a critical examination is conducted of Article 25 of the European Union’s General Data Protection Regulation (Regulation 2016/679). Bearing the title ‘data protection by design and by default’, Article 25 requires that core data protection principles be integrated into the design and development of systems for processing personal data. The paper outlines the rationale and legal heritage of Article 25, and shows how its provisions proffer considerably stronger support for data protection by design and by default than is the case under the 1995 Data Protection Directive (Directive 95/46/EC). The paper further shows that this strengthening of support is in keeping with jurisprudence of the European Court of Human Rights and the Court of Justice of the European Union. Nonetheless, it is herein argued that Article 25 suffers from multiple flaws, in particular a lack of clarity over the parameters and methodologies for achieving its goals, a failure to communicate clearly and directly with those engaged in the engineering of information systems, and a failure to provide the necessary incentives to spur the ‘hardwiring’ of privacy-related interests. Taken together, these flaws will likely hinder the traction of Article 25 requirements on information systems development.","PeriodicalId":36793,"journal":{"name":"Oslo Law Review","volume":"4 1","pages":"105-120"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"58","resultStr":"{\"title\":\"Data Protection by Design and by Default: Deciphering the EU's Legislative Requirements\",\"authors\":\"L. Bygrave\",\"doi\":\"10.18261/ISSN.2387-3299-2017-02-03\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, a critical examination is conducted of Article 25 of the European Union’s General Data Protection Regulation (Regulation 2016/679). Bearing the title ‘data protection by design and by default’, Article 25 requires that core data protection principles be integrated into the design and development of systems for processing personal data. The paper outlines the rationale and legal heritage of Article 25, and shows how its provisions proffer considerably stronger support for data protection by design and by default than is the case under the 1995 Data Protection Directive (Directive 95/46/EC). The paper further shows that this strengthening of support is in keeping with jurisprudence of the European Court of Human Rights and the Court of Justice of the European Union. Nonetheless, it is herein argued that Article 25 suffers from multiple flaws, in particular a lack of clarity over the parameters and methodologies for achieving its goals, a failure to communicate clearly and directly with those engaged in the engineering of information systems, and a failure to provide the necessary incentives to spur the ‘hardwiring’ of privacy-related interests. Taken together, these flaws will likely hinder the traction of Article 25 requirements on information systems development.\",\"PeriodicalId\":36793,\"journal\":{\"name\":\"Oslo Law Review\",\"volume\":\"4 1\",\"pages\":\"105-120\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"58\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Oslo Law Review\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.18261/ISSN.2387-3299-2017-02-03\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"Social Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Oslo Law Review","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.18261/ISSN.2387-3299-2017-02-03","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"Social Sciences","Score":null,"Total":0}
引用次数: 58

摘要

本文对欧盟《通用数据保护条例》(第2016/679号条例)第25条进行了严格的审查。第25条的标题是“通过设计和默认的数据保护”,它要求将核心数据保护原则整合到处理个人数据的系统的设计和开发中。本文概述了第25条的基本原理和法律遗产,并展示了其条款如何通过设计和默认方式为数据保护提供比1995年数据保护指令(指令95/46/EC)更强有力的支持。该文件进一步表明,这种加强支持的做法符合欧洲人权法院和欧洲联盟法院的判例。尽管如此,本文认为第25条存在多重缺陷,特别是缺乏实现其目标的参数和方法的明确性,未能与从事信息系统工程的人进行清晰和直接的沟通,以及未能提供必要的激励措施来刺激与隐私相关的利益的“硬连接”。综上所述,这些缺陷可能会阻碍第25条对信息系统开发的要求。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Data Protection by Design and by Default: Deciphering the EU's Legislative Requirements
In this paper, a critical examination is conducted of Article 25 of the European Union’s General Data Protection Regulation (Regulation 2016/679). Bearing the title ‘data protection by design and by default’, Article 25 requires that core data protection principles be integrated into the design and development of systems for processing personal data. The paper outlines the rationale and legal heritage of Article 25, and shows how its provisions proffer considerably stronger support for data protection by design and by default than is the case under the 1995 Data Protection Directive (Directive 95/46/EC). The paper further shows that this strengthening of support is in keeping with jurisprudence of the European Court of Human Rights and the Court of Justice of the European Union. Nonetheless, it is herein argued that Article 25 suffers from multiple flaws, in particular a lack of clarity over the parameters and methodologies for achieving its goals, a failure to communicate clearly and directly with those engaged in the engineering of information systems, and a failure to provide the necessary incentives to spur the ‘hardwiring’ of privacy-related interests. Taken together, these flaws will likely hinder the traction of Article 25 requirements on information systems development.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Oslo Law Review
Oslo Law Review Social Sciences-Law
CiteScore
1.00
自引率
0.00%
发文量
5
审稿时长
16 weeks
期刊最新文献
Norwayʼs New Transparency Act: An Overview in Light of International Trends A Sky Full of Stars, Constellations, Satellites and More!Legal Issues for a ‘Darkʼ Sky Liability for Shareholders and Directors of Limited Liability Companies, for CSR-Related Breaches Liability for Shareholders and Directors of Limited Liability Companies, for CSR-Related Breaches The Norwegian Legislation on Social Sustainability: An Overview of the Transparency Act
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1