The European Union General Data Protection Regulation: What It Is And What It Means

The European Union General Data Protection Regulation: What It Is And What It Means external link

Hoofnagle, C.J., van der Sloot, B. & Zuiderveen Borgesius, F.

Information & Communications Technology Law, vol. 2019, 2019

Abstract

This article introduces U.S. lawyers and academics to the normative foundations, attributes, and strategic approach to regulating personal data advanced by the European Union’s General Data Protection Regulation (“GDPR”). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s short and medium-term implications. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed and protective regulatory regime, which will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.

Links

https://www.tandfonline.com/doi/full/10.1080/13600834.2019.1573501

Consumer Privacy, Data protection, European Union, frontpage, General Data Protection Regulation, Privacy

RIS

TY  - JOUR
AU  - Hoofnagle, C.J.
AU  - van der Sloot, B.
AU  - Zuiderveen Borgesius, F.
PY  - 0212
DA  - 2019-02-12
T1  - The European Union General Data Protection Regulation: What It Is And What It Means
JO  - Information & Communications Technology Law
VL  - 2019
UR  - https://www.tandfonline.com/doi/full/10.1080/13600834.2019.1573501
AB  - This article introduces U.S. lawyers and academics to the normative foundations, attributes, and strategic approach to regulating personal data advanced by the European Union’s General Data Protection Regulation (“GDPR”). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s short and medium-term implications. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed and protective regulatory regime, which will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.
K1  - Consumer Privacy
K1  - Data protection
K1  - European Union
K1  - frontpage
K1  - General Data Protection Regulation
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{Hoofnagle2018,
	title = {The European Union General Data Protection Regulation: What It Is And What It Means},
	author = {Hoofnagle, C.J. and van der Sloot, B. and Zuiderveen Borgesius, F.},
	year = {0212},
	date = {2019-02-12},
	journal = {Information & Communications Technology Law},
	volume = {2019},
	abstract = {This article introduces U.S. lawyers and academics to the normative foundations, attributes, and strategic approach to regulating personal data advanced by the European Union’s General Data Protection Regulation (“GDPR”). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s short and medium-term implications. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed and protective regulatory regime, which will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.},
	keywords = {Consumer Privacy, Data protection, European Union, frontpage, General Data Protection Regulation, Privacy},
}

Save .bib

Het kabinet past bescheidenheid bij uitvoering van de inlichtingenwet external link

Arnbak, A.

Het Financieele Dagblad, vol. 2018, 2018

Links

https://axelarnbak.nl/2018/03/25/46e-fd-column-het-kabinet-past-bescheidenheid-bij-uitvoering-van-de-inlichtingenwet/

Data protection, ECHR, frontpage, overheid, referendum, Surveillance, Wet op de inlichtingen- en veiligheidsdiensten (Wiv), wiretapping

RIS

Save .RIS

Bibtex

Save .bib

Should Fundamental Rights to Privacy and Data Protection be a Part of the EU’s International Trade "Deals"? external link

Yakovleva, S.

World Trade Review, vol. 2018, pp: 477-508, 2017

Abstract

This article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU's ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical relationship between trade and national and European Union (EU) law, and the horizontal relationship between trade and human rights law – the author concludes that these limits are real and pose serious risks. Inspired by recent developments in safeguarding labour, and environmental standards and sustainable development, the article argues that privacy and personal data protection should be part of, and protected by, international trade deals made by the EU. The EU should negotiate future international trade agreements with the objective of allowing them to reflect the normative foundations of privacy and personal data protection. This article suggests a specific way to achieve this objective.

Links

Data protection, European Union, frontpage, Fundamental rights, international trade, Privacy

RIS

TY  - JOUR
AU  - Yakovleva, S.
PY  - 1109
DA  - 2017-11-09
T1  - Should Fundamental Rights to Privacy and Data Protection be a Part of the EU’s International Trade "Deals"?
JO  - World Trade Review
VL  - 2018
SP  - 477-508
UR  - https://www.ivir.nl/publicaties/download/WTR_2018.pdf
DO  - https://doi.org/https://doi.org/10.1017/S1474745617000453
AB  - This article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU\'s ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical relationship between trade and national and European Union (EU) law, and the horizontal relationship between trade and human rights law – the author concludes that these limits are real and pose serious risks.
Inspired by recent developments in safeguarding labour, and environmental standards and sustainable development, the article argues that privacy and personal data protection should be part of, and protected by, international trade deals made by the EU. The EU should negotiate future international trade agreements with the objective of allowing them to reflect the normative foundations of privacy and personal data protection. This article suggests a specific way to achieve this objective.
K1  - Data protection
K1  - European Union
K1  - frontpage
K1  - Fundamental rights
K1  - international trade
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{Yakovleva2017b,
	title = {Should Fundamental Rights to Privacy and Data Protection be a Part of the EU’s International Trade "Deals"?},
	author = {Yakovleva, S.},
	doi = {https://doi.org/https://doi.org/10.1017/S1474745617000453},
	year = {1109},
	date = {2017-11-09},
	journal = {World Trade Review},
	volume = {2018},
	pages = {477-508},
	abstract = {This article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU\'s ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical relationship between trade and national and European Union (EU) law, and the horizontal relationship between trade and human rights law – the author concludes that these limits are real and pose serious risks.
Inspired by recent developments in safeguarding labour, and environmental standards and sustainable development, the article argues that privacy and personal data protection should be part of, and protected by, international trade deals made by the EU. The EU should negotiate future international trade agreements with the objective of allowing them to reflect the normative foundations of privacy and personal data protection. This article suggests a specific way to achieve this objective.},
	keywords = {Data protection, European Union, frontpage, Fundamental rights, international trade, Privacy},
}

Save .bib

Book Review: The Crisis of Presence in Contemporary Culture external link

Sax, M.

European Data Protection Law Review, vol. 3, num: 2, pp: 293-296, 2017

Links

book review, Data protection, ethics, phenomenology, presence, Privacy, property

RIS

Save .RIS

Bibtex

Save .bib

The Weeping Angels are back, and they attack our privacy via smart TVs external link

Irion, K. & Helberger, N.

2017

Links

https://policyreview.info/articles/news/weeping-angels-are-back-and-they-attack-our-privacy-smart-tvs/451

CIA, Data protection, e-Privacy regulation, Freedom of expression, frontpage, Internet, Privacy, Smart TV

RIS

Save .RIS

Bibtex

Save .bib

The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right? external link

Oostveen, M. & Irion, K.

2016

Abstract

New technologies, purposes and applications to process individual’s personal data are developed on a massive scale. But we have not only entered the ‘golden age of personal data’ in terms of its exploitation: ours is also the ‘golden age of personal data’ in terms of regulation of its use. In this contribution, we explain how regulating the processing of an individual’s personal data can be a proxy of intervention, which directly or indirectly could benefit other individual rights and freedoms. Understood as an enabling right, the architecture of EU data protection law is capable of protecting against many of the negative short- and long-term effects of contemporary data processing. The new General Data Protection Regulation certainly strengthens aspects of this core architecture but certain regulatory innovations to cope with technological advancements and the data-driven economy appear less capably of yielding broad protection for individuals fundamental rights and freedoms. We conclude that from the perspective of protecting individual fundamental rights and freedoms, it would be worthwhile to explore alternative (legal) approaches of individual protection in contemporary data processing.

Links

Big data, Data protection, enabling fundamental rights, EU law, General Data Protection Regulation, Privacy

RIS

TY  - JOUR
AU  - Oostveen, M.
AU  - Irion, K.
PY  - 1215
DA  - 2016-12-15
T1  - The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right?
AB  - New technologies, purposes and applications to process individual’s personal data are developed on a massive scale. But we have not only entered the ‘golden age of personal data’ in terms of its exploitation: ours is also the ‘golden age of personal data’ in terms of regulation of its use. In this contribution, we explain how regulating the processing of an individual’s personal data can be a proxy of intervention, which directly or indirectly could benefit other individual rights and freedoms. Understood as an enabling right, the architecture of EU data protection law is capable of protecting against many of the negative short- and long-term effects of contemporary data processing. The new General Data Protection Regulation certainly strengthens aspects of this core architecture but certain regulatory innovations to cope with technological advancements and the data-driven economy appear less capably of yielding broad protection for individuals fundamental rights and freedoms. We conclude that from the perspective of protecting individual fundamental rights and freedoms, it would be worthwhile to explore alternative (legal) approaches of individual protection in contemporary data processing.
K1  - Big data
K1  - Data protection
K1  - enabling fundamental rights
K1  - EU law
K1  - General Data Protection Regulation
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{Oostveen2016b,
	title = {The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right?},
	author = {Oostveen, M. and Irion, K.},
	year = {1215},
	date = {2016-12-15},
	abstract = {New technologies, purposes and applications to process individual’s personal data are developed on a massive scale. But we have not only entered the ‘golden age of personal data’ in terms of its exploitation: ours is also the ‘golden age of personal data’ in terms of regulation of its use. In this contribution, we explain how regulating the processing of an individual’s personal data can be a proxy of intervention, which directly or indirectly could benefit other individual rights and freedoms. Understood as an enabling right, the architecture of EU data protection law is capable of protecting against many of the negative short- and long-term effects of contemporary data processing. The new General Data Protection Regulation certainly strengthens aspects of this core architecture but certain regulatory innovations to cope with technological advancements and the data-driven economy appear less capably of yielding broad protection for individuals fundamental rights and freedoms. We conclude that from the perspective of protecting individual fundamental rights and freedoms, it would be worthwhile to explore alternative (legal) approaches of individual protection in contemporary data processing.},
	keywords = {Big data, Data protection, enabling fundamental rights, EU law, General Data Protection Regulation, Privacy},
}

Save .bib

Identifiability and the applicability of data protection to big data external link

Oostveen, M.

International Data Privacy Law, 2016

Abstract

Big data holds much potential, but it can also have a negative impact on individuals, particularly on their privacy and data protection rights. Data protection law is the point of departure in the discussion about big data; it is widely regarded as the answer to big data’s negative consequences. Yet a closer look at the criteria for applicability of EU data protection law reveals a number of weaknesses in the data protection law approach. Because the material scope of EU data protection law is dependent on the identifiability of individual, data protection only partially applies to the big data process. Therefore, in spite of its importance, data protection law is insufficient to protect individuals from big data’s potential harms.

Links

bescherming persoonsgegevens, Big data, Data protection, frontpage, Grondrechten, Personal data, Privacy

RIS

TY  - JOUR
AU  - Oostveen, M.
PY  - 0927
DA  - 2016-09-27
T1  - Identifiability and the applicability of data protection to big data
JO  - International Data Privacy Law
UR  - http://idpl.oxfordjournals.org/content/early/2016/09/06/idpl.ipw012.extract
DO  - https://doi.org/10.1093/idpl/ipw012
AB  - Big data holds much potential, but it can also have a negative impact on individuals, particularly on their privacy and data protection rights. Data protection law is the point of departure in the discussion about big data; it is widely regarded as the answer to big data’s negative consequences. Yet a closer look at the criteria for applicability of EU data protection law reveals a number of weaknesses in the data protection law approach. Because the material scope of EU data protection law is dependent on the identifiability of individual, data protection only partially applies to the big data process. Therefore, in spite of its importance, data protection law is insufficient to protect individuals from big data’s potential harms.
K1  - bescherming persoonsgegevens
K1  - Big data
K1  - Data protection
K1  - frontpage
K1  - Grondrechten
K1  - Personal data
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{Oostveen2016,
	title = {Identifiability and the applicability of data protection to big data},
	author = {Oostveen, M.},
	doi = {https://doi.org/10.1093/idpl/ipw012},
	year = {0927},
	date = {2016-09-27},
	journal = {International Data Privacy Law},
	abstract = {Big data holds much potential, but it can also have a negative impact on individuals, particularly on their privacy and data protection rights. Data protection law is the point of departure in the discussion about big data; it is widely regarded as the answer to big data’s negative consequences. Yet a closer look at the criteria for applicability of EU data protection law reveals a number of weaknesses in the data protection law approach. Because the material scope of EU data protection law is dependent on the identifiability of individual, data protection only partially applies to the big data process. Therefore, in spite of its importance, data protection law is insufficient to protect individuals from big data’s potential harms.},
	keywords = {bescherming persoonsgegevens, Big data, Data protection, frontpage, Grondrechten, Personal data, Privacy},
}

Save .bib

The Practical and Theoretical Problems with ‘Balancing’: Delfi, Coty and the Redundancy of the Human Rights Framework external link

van der Sloot, B.

Maastricht Journal of European and Comparative Law, num: 3, pp: 439-459., 2016

Abstract

In the realm of privacy and data protection – as in the fundamental rights framework in general – balancing has become the standard approach for dealing with legal disputes. It comes, however, with a number of practical and theoretical problems. Th is article analyses those problems and compares the method of balancing with the original approach of most human rights frameworks, such as the European Convention on Human Rights. It does so by analysing two cases in detail: the European Court of Human Right’s case Delfi v. Estonia and the Court of Justice of the EU’s judgment Coty v. Stadtsparkasse. From this analysis, it follows that the concept of balancing signals a shift away from the deontological and towards a utilitarian understanding of fundamental rights. Th is is not only of theoretical importance, as it could also mean that in time, human rights frameworks as such might become redundant.

Links

http://www.ivir.nl/publicaties/download/1811

balancing, consequentialism, Data protection, frontpage, Mensenrechten, Miscellaneous, Privacy, utilitarianism

RIS

TY  - JOUR
AU  - van der Sloot, B.
PY  - 2016
DA  - 2016-07-14
T1  - The Practical and Theoretical Problems with ‘Balancing’: Delfi, Coty and the Redundancy of the Human Rights Framework
JO  - Maastricht Journal of European and Comparative Law
NV  - 3
SP  - 439-459.
UR  - http://www.ivir.nl/publicaties/download/1811
AB  - In the realm of privacy and data protection – as in the fundamental rights framework in general – balancing has become the standard approach for dealing with legal disputes. It comes, however, with a number of practical and theoretical problems. Th is article analyses those problems and compares the method of balancing with the original approach of most human rights frameworks, such as the European Convention on Human Rights. It does so by analysing two cases in detail: the European Court of Human Right’s case Delfi v. Estonia and the Court of Justice of the EU’s judgment Coty v. Stadtsparkasse. From this analysis, it follows that the concept of balancing signals a shift away from the deontological and towards a utilitarian understanding of fundamental rights. Th is is not only of theoretical importance, as it could also mean that in time, human rights frameworks as such might become redundant.
K1  - balancing
K1  - consequentialism
K1  - Data protection
K1  - frontpage
K1  - Mensenrechten
K1  - Miscellaneous
K1  - Privacy
K1  - utilitarianism
ER  -

Save .RIS

Bibtex

Article{vanderSloot2016,
	title = {The Practical and Theoretical Problems with ‘Balancing’: Delfi, Coty and the Redundancy of the Human Rights Framework},
	author = {van der Sloot, B.},
	year = {2016},
	date = {2016-07-14},
	journal = {Maastricht Journal of European and Comparative Law},
	number = {3},
	pages = {439-459.},
	abstract = {In the realm of privacy and data protection – as in the fundamental rights framework in general – balancing has become the standard approach for dealing with legal disputes. It comes, however, with a number of practical and theoretical problems. Th is article analyses those problems and compares the method of balancing with the original approach of most human rights frameworks, such as the European Convention on Human Rights. It does so by analysing two cases in detail: the European Court of Human Right’s case Delfi v. Estonia and the Court of Justice of the EU’s judgment Coty v. Stadtsparkasse. From this analysis, it follows that the concept of balancing signals a shift away from the deontological and towards a utilitarian understanding of fundamental rights. Th is is not only of theoretical importance, as it could also mean that in time, human rights frameworks as such might become redundant.},
	keywords = {balancing, consequentialism, Data protection, frontpage, Mensenrechten, Miscellaneous, Privacy, utilitarianism},
}

Save .bib

Profiling the European Citizen in the Internet of Things: How Will the General Data Protection Regulation Apply to this Form of Personal Data Processing, and How Should It? external link

Eskens, S.

2016

Links

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2752010

Data protection, Directive 95/46/EC, General Data Protection Regulation, Grondrechten, Internet of Things, Privacy, profiling

RIS

Save .RIS

Bibtex

Save .bib

Welcome to the Jungle: the Liability of Internet Intermediaries for Privacy Violations in Europe external link

van der Sloot, B.

JIPITEC, num: 3, pp: 211-228., 2016

Abstract

In Europe, roughly three regimes apply to the liability of Internet intermediaries for privacy violations conducted by users through their network. These are: the e-Commerce Directive, which, under certain conditions, excludes them from liability; the Data Protection Directive, which imposes a number of duties and responsibilities on providers processing personal data; and the freedom of expression, contained inter alia in the ECHR, which, under certain conditions, grants Internet providers several privileges and freedoms. Each doctrine has its own field of application, but they also have partial overlap. In practice, this creates legal inequality and uncertainty, especially with regard to providers that host online platforms and process User Generated Content.

Links

http://www.ivir.nl/publicaties/download/1720.pdf

Data protection, ECHR, Freedom of expression, Grondrechten, intermediaries, liability, Privacy

RIS

TY  - JOUR
AU  - van der Sloot, B.
PY  - 0119
DA  - 2016-01-19
T1  - Welcome to the Jungle: the Liability of Internet Intermediaries for Privacy Violations in Europe
JO  - JIPITEC
NV  - 3
SP  - 211-228.
UR  - http://www.ivir.nl/publicaties/download/1720.pdf
AB  - In Europe, roughly three regimes apply to the liability of Internet intermediaries for privacy violations conducted by users through their network. These are: the e-Commerce Directive, which, under certain conditions, excludes them from liability; the Data Protection Directive, which imposes a number of duties and responsibilities on providers processing personal data; and the freedom of expression, contained inter alia in the ECHR, which, under certain conditions, grants Internet providers several privileges and freedoms. Each doctrine has its own field of application, but they also have partial overlap. In practice, this creates legal inequality and uncertainty, especially with regard to providers that host online platforms and process User Generated Content.
K1  - Data protection
K1  - ECHR
K1  - Freedom of expression
K1  - Grondrechten
K1  - intermediaries
K1  - liability
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{nokey,
	title = {Welcome to the Jungle: the Liability of Internet Intermediaries for Privacy Violations in Europe},
	author = {van der Sloot, B.},
	year = {0119},
	date = {2016-01-19},
	journal = {JIPITEC},
	number = {3},
	pages = {211-228.},
	abstract = {In Europe, roughly three regimes apply to the liability of Internet intermediaries for privacy violations conducted by users through their network. These are: the e-Commerce Directive, which, under certain conditions, excludes them from liability; the Data Protection Directive, which imposes a number of duties and responsibilities on providers processing personal data; and the freedom of expression, contained inter alia in the ECHR, which, under certain conditions, grants Internet providers several privileges and freedoms. Each doctrine has its own field of application, but they also have partial overlap. In practice, this creates legal inequality and uncertainty, especially with regard to providers that host online platforms and process User Generated Content.},
	keywords = {Data protection, ECHR, Freedom of expression, Grondrechten, intermediaries, liability, Privacy},
}

Save .bib