Should Fundamental Rights to Privacy and Data Protection be a Part of the EU’s International Trade "Deals"?

Should Fundamental Rights to Privacy and Data Protection be a Part of the EU’s International Trade "Deals"? external link

World Trade Review, vol. 2018, pp: 477-508, 2017

Abstract

This article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU's ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical relationship between trade and national and European Union (EU) law, and the horizontal relationship between trade and human rights law – the author concludes that these limits are real and pose serious risks. Inspired by recent developments in safeguarding labour, and environmental standards and sustainable development, the article argues that privacy and personal data protection should be part of, and protected by, international trade deals made by the EU. The EU should negotiate future international trade agreements with the objective of allowing them to reflect the normative foundations of privacy and personal data protection. This article suggests a specific way to achieve this objective.

Links

Data protection, European Union, frontpage, Fundamental rights, international trade, Privacy

RIS

TY  - JOUR
AU  - Yakovleva, S.
PY  - 1109
DA  - 2017-11-09
T1  - Should Fundamental Rights to Privacy and Data Protection be a Part of the EU’s International Trade "Deals"?
JO  - World Trade Review
VL  - 2018
SP  - 477-508
UR  - https://www.ivir.nl/publicaties/download/WTR_2018.pdf
DO  - https://doi.org/https://doi.org/10.1017/S1474745617000453
AB  - This article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU\'s ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical relationship between trade and national and European Union (EU) law, and the horizontal relationship between trade and human rights law – the author concludes that these limits are real and pose serious risks.
Inspired by recent developments in safeguarding labour, and environmental standards and sustainable development, the article argues that privacy and personal data protection should be part of, and protected by, international trade deals made by the EU. The EU should negotiate future international trade agreements with the objective of allowing them to reflect the normative foundations of privacy and personal data protection. This article suggests a specific way to achieve this objective.
K1  - Data protection
K1  - European Union
K1  - frontpage
K1  - Fundamental rights
K1  - international trade
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{Yakovleva2017b,
	title = {Should Fundamental Rights to Privacy and Data Protection be a Part of the EU’s International Trade "Deals"?},
	author = {Yakovleva, S.},
	doi = {https://doi.org/https://doi.org/10.1017/S1474745617000453},
	year = {1109},
	date = {2017-11-09},
	journal = {World Trade Review},
	volume = {2018},
	pages = {477-508},
	abstract = {This article discusses ways in which the General Agreement on Trade in Services (GATS) and post-GATS free trade agreements may limit the EU\'s ability to regulate privacy and personal data protection as fundamental rights. After discussing this issue in two dimensions – the vertical relationship between trade and national and European Union (EU) law, and the horizontal relationship between trade and human rights law – the author concludes that these limits are real and pose serious risks.
Inspired by recent developments in safeguarding labour, and environmental standards and sustainable development, the article argues that privacy and personal data protection should be part of, and protected by, international trade deals made by the EU. The EU should negotiate future international trade agreements with the objective of allowing them to reflect the normative foundations of privacy and personal data protection. This article suggests a specific way to achieve this objective.},
	keywords = {Data protection, European Union, frontpage, Fundamental rights, international trade, Privacy},
}

Save .bib

Referendum ‘sleepnetwet’ voorbode digitale perikelen Rutte III: D66 zal achterban herhaaldelijk moeten teleurstellen rond digitale dossiers external link

Arnbak, A.

Het Financieele Dagblad, vol. 2017, 2017

Links

https://axelarnbak.nl/2017/11/02/41e-fd-column-referendum-sleepwet-voorbode-digitale-perikelen-rutte-iii/

frontpage, politiek, Privacy, referendum, sleepnet, Telecommunicatierecht

RIS

Save .RIS

Bibtex

Save .bib

Ziekenhuizen en energiebedrijven gaan wellicht boeten voor beveiligingsfouten: Nieuwe IT-wet bedoeld om ‘potentiële maatschappelijke ontwrichting’ te voorkomen external link

Arnbak, A.

Het Financieele Dagblad, vol. 2017, 2017

Links

https://axelarnbak.nl/2017/10/05/40e-fd-column-ziekenhuizen-en-energiebedrijven-gaan-wellicht-boeten-voor-beveiligingsfouten/

beveiliging, Cybersecurity, energiebedrijven, it, nederland, Privacy, ransomware, Telecommunicatierecht, toezicht, wetgeving, ziekenhuizen

RIS

Save .RIS

Bibtex

Save .bib

Tracking walls, take-it-or-leave-it choices, the GDPR, and the ePrivacy regulation external link

Zuiderveen Borgesius, F., Kruikemeier, S., Boerman, S.C. & Helberger, N.

European Data Protection Law Review, vol. 2017, num: 3, pp: 353-368, 2017

Abstract

On the internet, we encounter take-it-or-leave-it choices regarding our privacy on a daily basis. In Europe, online tracking for targeted advertising generally requires the internet users’ consent to be lawful. Some websites use a tracking wall, a barrier that visitors can only pass if they consent to tracking by third parties. When confronted with such a tracking wall, many people click ‘I agree’ to tracking. A survey that we conducted shows that most people find tracking walls unfair and unacceptable. We analyse under which conditions the ePrivacy Directive and the General Data Protection Regulation allow tracking walls. We provide a list of circumstances to assess when a tracking wall makes consent invalid. We also explore how the EU lawmaker could regulate tracking walls, for instance in the ePrivacy Regulation. It should be seriously considered to ban tracking walls, at least in certain circumstances.

Links

europe, frontpage, GDPR, Privacy, tracking walls

RIS

TY  - JOUR
AU  - Zuiderveen Borgesius, F.
AU  - Kruikemeier, S.
AU  - Boerman, S.C.
AU  - Helberger, N.
PY  - 1019
DA  - 2017-10-19
T1  - Tracking walls, take-it-or-leave-it choices, the GDPR, and the ePrivacy regulation
JO  - European Data Protection Law Review
VL  - 2017
NV  - 3
SP  - 353-368
UR  - https://www.ivir.nl/publicaties/download/EDPL_2017_03.pdf
DO  - https://doi.org/https://doi.org/10.21552/edpl/2017/3/9
AB  - On the internet, we encounter take-it-or-leave-it choices regarding our privacy on a daily basis. In Europe, online tracking for targeted advertising generally requires the internet users’ consent to be lawful. Some websites use a tracking wall, a barrier that visitors can only pass if they consent to tracking by third parties. When confronted with such a tracking wall, many people click ‘I agree’ to tracking. A survey that we conducted shows that most people find tracking walls unfair and unacceptable. We analyse under which conditions the ePrivacy Directive and the General Data Protection Regulation allow tracking walls. We provide a list of circumstances to assess when a tracking wall makes consent invalid. We also explore how the EU lawmaker could regulate tracking walls, for instance in the ePrivacy Regulation. It should be seriously considered to ban tracking walls, at least in certain circumstances.
K1  - europe
K1  - frontpage
K1  - GDPR
K1  - Privacy
K1  - tracking walls
ER  -

Save .RIS

Bibtex

Article{Borgesius2017b,
	title = {Tracking walls, take-it-or-leave-it choices, the GDPR, and the ePrivacy regulation},
	author = {Zuiderveen Borgesius, F. and Kruikemeier, S. and Boerman, S.C. and Helberger, N.},
	doi = {https://doi.org/https://doi.org/10.21552/edpl/2017/3/9},
	year = {1019},
	date = {2017-10-19},
	journal = {European Data Protection Law Review},
	volume = {2017},
	number = {3},
	pages = {353-368},
	abstract = {On the internet, we encounter take-it-or-leave-it choices regarding our privacy on a daily basis. In Europe, online tracking for targeted advertising generally requires the internet users’ consent to be lawful. Some websites use a tracking wall, a barrier that visitors can only pass if they consent to tracking by third parties. When confronted with such a tracking wall, many people click ‘I agree’ to tracking. A survey that we conducted shows that most people find tracking walls unfair and unacceptable. We analyse under which conditions the ePrivacy Directive and the General Data Protection Regulation allow tracking walls. We provide a list of circumstances to assess when a tracking wall makes consent invalid. We also explore how the EU lawmaker could regulate tracking walls, for instance in the ePrivacy Regulation. It should be seriously considered to ban tracking walls, at least in certain circumstances.},
	keywords = {europe, frontpage, GDPR, Privacy, tracking walls},
}

Save .bib

Unfair Commercial Practices: A Complementary Approach to Privacy Protection external link

van Eijk, N., Hoofnagle, C.J. & Kannekens, E.

European Data Protection Law Review, vol. 2017, num: 3, pp: 325-337, 2017

Abstract

Millions of European internet users access online platforms where their personal data is being collected, processed, analysed or sold. The existence of some of the largest online platforms is entirely based on data driven business models. In the European Union, the protection of personal data is considered a fundamental right. Under Article 8(3) of the EU Charter of Fundamental Rights, compliance with data protection rules should be subject to control by an independent authority. In the EU, enforcement of privacy rules almost solely takes place by the national data protection authorities. They typically apply sector-specific rules, based on the EU Data Protection Directive. In the United States, the Federal Trade Commission is the primary enforcer of consumers’ (online) privacy interests. The agency’s competence is not based on the protection of fundamental rights, but on the basis that maintenance of a competitive, fair marketplace will provide the right choices for consumers to take. In this Article the US legal framework will be discussed and compared to the EU legal framework, which forms our finding that in the EU rules on unfair commercial practices could be enforced in a similar manner to protect people’s privacy. In the EU, the many frictions concerning the market/consumer-oriented use of personal data form a good reason to actually deal with these frictions in a market/consumer legal framework.

Links

frontpage, Fundamental rights, Online platforms, Personal data, Privacy, unfair commercial practices

RIS

TY  - JOUR
AU  - van Eijk, N.
AU  - Hoofnagle, C.J.
AU  - Kannekens, E.
PY  - 1019
DA  - 2017-10-19
T1  - Unfair Commercial Practices: A Complementary Approach to Privacy Protection
JO  - European Data Protection Law Review
VL  - 2017
NV  - 3
SP  - 325-337
UR  - https://www.ivir.nl/publicaties/download/edpl_2017_03.pdf
DO  - https://doi.org/https://doi.org/10.21552/edpl/2017/3/7
AB  - Millions of European internet users access online platforms where their personal data is being collected, processed, analysed or sold. The existence of some of the largest online platforms is entirely based on data driven business models. In the European Union, the protection of personal data is considered a fundamental right. Under Article 8(3) of the EU Charter of Fundamental Rights, compliance with data protection rules should be subject to control by an independent authority. In the EU, enforcement of privacy rules almost solely takes place by the national data protection authorities. They typically apply sector-specific rules, based on the EU Data Protection Directive. In the United States, the Federal Trade Commission is the primary enforcer of consumers’ (online) privacy interests. The agency’s competence is not based on the protection of fundamental rights, but on the basis that maintenance of a competitive, fair marketplace will provide the right choices for consumers to take. In this Article the US legal framework will be discussed and compared to the EU legal framework, which forms our finding that in the EU rules on unfair commercial practices could be enforced in a similar manner to protect people’s privacy. In the EU, the many frictions concerning the market/consumer-oriented use of personal data form a good reason to actually deal with these frictions in a market/consumer legal framework.
K1  - frontpage
K1  - Fundamental rights
K1  - Online platforms
K1  - Personal data
K1  - Privacy
K1  - unfair commercial practices
ER  -

Save .RIS

Bibtex

Article{vanEijk2017b,
	title = {Unfair Commercial Practices: A Complementary Approach to Privacy Protection},
	author = {van Eijk, N. and Hoofnagle, C.J. and Kannekens, E.},
	doi = {https://doi.org/https://doi.org/10.21552/edpl/2017/3/7},
	year = {1019},
	date = {2017-10-19},
	journal = {European Data Protection Law Review},
	volume = {2017},
	number = {3},
	pages = {325-337},
	abstract = {Millions of European internet users access online platforms where their personal data is being collected, processed, analysed or sold. The existence of some of the largest online platforms is entirely based on data driven business models. In the European Union, the protection of personal data is considered a fundamental right. Under Article 8(3) of the EU Charter of Fundamental Rights, compliance with data protection rules should be subject to control by an independent authority. In the EU, enforcement of privacy rules almost solely takes place by the national data protection authorities. They typically apply sector-specific rules, based on the EU Data Protection Directive. In the United States, the Federal Trade Commission is the primary enforcer of consumers’ (online) privacy interests. The agency’s competence is not based on the protection of fundamental rights, but on the basis that maintenance of a competitive, fair marketplace will provide the right choices for consumers to take. In this Article the US legal framework will be discussed and compared to the EU legal framework, which forms our finding that in the EU rules on unfair commercial practices could be enforced in a similar manner to protect people’s privacy. In the EU, the many frictions concerning the market/consumer-oriented use of personal data form a good reason to actually deal with these frictions in a market/consumer legal framework.},
	keywords = {frontpage, Fundamental rights, Online platforms, Personal data, Privacy, unfair commercial practices},
}

Save .bib

About finding practical solutions (without the GDPR) external link

van Eijk, N.

European Data Protection Law Review, vol. 2017, num: 3, pp: 310-312, 2017

Links

frontpage, GDPR, Privacy, privacy bridges

RIS

Save .RIS

Bibtex

Save .bib

The perfect match? A closer look at the relationship between EU consumer law and data protection law external link

Helberger, N., Zuiderveen Borgesius, F. & Reyna, A.

Common Market Law Review, vol. 2017, num: 5, pp: 1427-1466, 2017

Abstract

In modern markets, many companies offer so-called “free” services and monetize consumer data they collect through those services. This paper argues that consumer law and data protection law can usefully complement each other. Data protection law can also inform the interpretation of consumer law. Using consumer rights, consumers should be able to challenge excessive collection of their personal data. Consumer organizations have used consumer law to tackle data protection infringements. The interplay of data protection law and consumer protection law provides exciting opportunities for a more integrated vision on “data consumer law”.

Links

https://www.ivir.nl/publicaties/download/CMLR_2017_5.pdf

Consumentenrecht, Consumer law, Data protection law, EU, frontpage, gegevensbescherming, Privacy

RIS

TY  - JOUR
AU  - Helberger, N.
AU  - Zuiderveen Borgesius, F.
AU  - Reyna, A.
PY  - 1006
DA  - 2017-10-06
T1  - The perfect match? A closer look at the relationship between EU consumer law and data protection law
JO  - Common Market Law Review
VL  - 2017
NV  - 5
SP  - 1427-1466
UR  - https://www.ivir.nl/publicaties/download/CMLR_2017_5.pdf
AB  - In modern markets, many companies offer so-called “free” services and monetize consumer data they collect through those services. This paper argues that consumer law and data protection law can usefully complement each other. Data protection law can also inform the interpretation of consumer law. Using consumer rights, consumers should be able to challenge excessive collection of their personal data. Consumer organizations have used consumer law to tackle data protection infringements. The interplay of data protection law and consumer protection law provides exciting opportunities for a more integrated vision on “data consumer law”.
K1  - Consumentenrecht
K1  - Consumer law
K1  - Data protection law
K1  - EU
K1  - frontpage
K1  - gegevensbescherming
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{Helberger2017b,
	title = {The perfect match? A closer look at the relationship between EU consumer law and data protection law},
	author = {Helberger, N. and Zuiderveen Borgesius, F. and Reyna, A.},
	year = {1006},
	date = {2017-10-06},
	journal = {Common Market Law Review},
	volume = {2017},
	number = {5},
	pages = {1427-1466},
	abstract = {In modern markets, many companies offer so-called “free” services and monetize consumer data they collect through those services. This paper argues that consumer law and data protection law can usefully complement each other. Data protection law can also inform the interpretation of consumer law. Using consumer rights, consumers should be able to challenge excessive collection of their personal data. Consumer organizations have used consumer law to tackle data protection infringements. The interplay of data protection law and consumer protection law provides exciting opportunities for a more integrated vision on “data consumer law”.},
	keywords = {Consumentenrecht, Consumer law, Data protection law, EU, frontpage, gegevensbescherming, Privacy},
}

Save .bib

A Roadmap to Enhancing User Control via Privacy Dashboards external link

Irion, K., Yakovleva, S., van Hoboken, J. & Thompson, M.

2017

Abstract

This report presents and draws on multidisciplinary insights into what characterises effective user control over the collection and use of personal data. User controls arise from the interplay of a number of conditions. These are partly technical but also connected to different aspects of user behaviour, the intricacies of design, as well as the internal and external incentives in privacy governance that exist today. Our review of the state of research underscores that devising effective user controls require close collaboration between different disciplines, clear regulatory guidance and scientifically-backed assessments.

Links

https://www.ivir.nl/publicaties/download/PrivacyBridgesUserControls2017.pdf

frontpage, Privacy

RIS

Save .RIS

Bibtex

Save .bib

The freely given consent and the "bundling" provision under the GDPR external link

Kostić, B. & Vargas Penagos, E.

Computerrecht, vol. 2017, num: 4, pp: 217-222, 2017

Abstract

Under European data protection law, consent of the data subject is one of the six grounds for lawful processing of personal data. It is such an important ground that lawmakers considered it necessary to provide a legal definition of consent. One of the conditions under this definition is that it needs to be “freely given.” The General Data Protection Regulation (GDPR) 3 has further expanded on this concept in Article 7(4). It refers to a situation under which consent might not be considered “freely given.” If consent is invalid because it is not freely given, the processing is usually unlawful. Consequently, a legal basis for processing is missing. Therefore, this is an important provision. Yet the wording of this new provision is vague and its scope is unclear. Thus, the question arises as to how Article 7(4) should be applied. In this paper, the authors tease out the assessment criteria for the application of this provision on the basis of its text, structure and history. These criteria will then be applied to hypothetical cases in the final section.

Links

https://www.ivir.nl/publicaties/download/Computerrecht_2017_4.pdf

bundling, consent, frontpage, General Data Protection Regulation, Privacy

RIS

TY  - JOUR
AU  - Kostić, B.
AU  - Vargas Penagos, E.
PY  - 0915
DA  - 2017-09-15
T1  - The freely given consent and the "bundling" provision under the GDPR
JO  - Computerrecht
VL  - 2017
NV  - 4
SP  - 217-222
UR  - https://www.ivir.nl/publicaties/download/Computerrecht_2017_4.pdf
AB  - Under European data protection law, consent of the data subject is one of the six grounds for lawful processing of personal data. It is such an important ground that lawmakers considered it necessary to provide a legal definition of consent. One of the conditions under this definition is that it needs to be “freely given.” The General Data Protection Regulation (GDPR) 3 has further expanded on this concept in Article 7(4). It refers to a situation under which consent might not be considered “freely given.” If consent is invalid because it is not freely given, the processing is usually unlawful. Consequently, a legal basis for processing is missing. Therefore, this is an important provision. Yet the wording of this new provision is vague and its scope is unclear. Thus, the question arises as to how Article 7(4) should be applied. In this paper, the authors tease out the assessment criteria for the application of this provision on the basis of its text, structure and history. These criteria will then be applied to hypothetical cases in the final section.
K1  - bundling
K1  - consent
K1  - frontpage
K1  - General Data Protection Regulation
K1  - Privacy
ER  -

Save .RIS

Bibtex

Article{Kostić2017,
	title = {The freely given consent and the "bundling" provision under the GDPR},
	author = {Kostić, B. and Vargas Penagos, E.},
	year = {0915},
	date = {2017-09-15},
	journal = {Computerrecht},
	volume = {2017},
	number = {4},
	pages = {217-222},
	abstract = {Under European data protection law, consent of the data subject is one of the six grounds for lawful processing of personal data. It is such an important ground that lawmakers considered it necessary to provide a legal definition of consent. One of the conditions under this definition is that it needs to be “freely given.” The General Data Protection Regulation (GDPR) 3 has further expanded on this concept in Article 7(4). It refers to a situation under which consent might not be considered “freely given.” If consent is invalid because it is not freely given, the processing is usually unlawful. Consequently, a legal basis for processing is missing. Therefore, this is an important provision. Yet the wording of this new provision is vague and its scope is unclear. Thus, the question arises as to how Article 7(4) should be applied. In this paper, the authors tease out the assessment criteria for the application of this provision on the basis of its text, structure and history. These criteria will then be applied to hypothetical cases in the final section.},
	keywords = {bundling, consent, frontpage, General Data Protection Regulation, Privacy},
}

Save .bib

Book Review: The Crisis of Presence in Contemporary Culture external link

Sax, M.

European Data Protection Law Review, vol. 3, num: 2, pp: 293-296, 2017

Links

book review, Data protection, ethics, phenomenology, presence, Privacy, property

RIS

Save .RIS

Bibtex

Save .bib