{"title":"‘Privacy by design’ in the EU General Data Protection Regulation: A new privacy standard or the Emperor’s new clothes?","authors":"D. Donnelly","doi":"10.47348/salj/v139/i3a4","DOIUrl":null,"url":null,"abstract":"Privacy by design (‘PbD’) is a conceptual framework that has been widely adopted as a helpful, practical framework for organisations to ‘translate’ legal data protection principles into concrete technical design and organisational policies. It can offer a harmonising framework for multiple, overlapping legal compliance obligations. Privacy is engineered directly into the design of new technologies, as a default setting, while still achieving full functionality. The article explains the seven foundational principles of the concept with detailed cross reference to the relevant conditions of lawful processing under the Protection of Personal Information Act 4 of 2013 (‘POPIA’), offering the first in-depth analysis of PbD in a South African context. PbD is now an express legal obligation in art 25 of the European Union’s General Data Protection Regulation (2016). The article sketches the background to that important development and provides an in-depth critique of the three key shortcomings of art 25. It recommends that instead of following the EU example, South Africa’s Information Regulator could promote the adoption of PbD through a guidance note and in approved codes of conduct. It concludes that a PbD approach is already (albeit only impliedly) required for compliance with the conditions of lawful processing under POPIA.","PeriodicalId":39313,"journal":{"name":"South African law journal","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"South African law journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.47348/salj/v139/i3a4","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Social Sciences","Score":null,"Total":0}