@techreport{vanEechoud2021bb,
title = {Data na de dood - juridische aspecten van digitale nalatenschappen},
author = {van Eechoud, M. and Ausloos, J. and Loos, M. and Mak, C. and Reinhartz, B. and Schumacher, L.D. and Pol, L. },
url = {https://www.ivir.nl/publicaties/download/Data-na-de-dood.pdf},
year = {2021},
date = {2021-07-08},
abstract = {Onderzoek in opdracht van het Ministerie van Binnenlandse Zaken en Koninkrijksrelaties, April 2021, Bijlage bij Kamerstuk 2020-2021, 30696 nr. 52.

Auteurs: M.M.M. van Eechoud, J. Ausloos, M. Loos, C. Mak, B. Reinhartz, L. Schumacher & L. Pol.},
keywords = {},
pubstate = {published},
tppubtype = {techreport}
}

@article{Sax2021b,
title = {Voorbij privacy: manipulatie is het \'{e}chte probleem in gezondheidsapps},
author = {Sax, M.},
url = {https://www.uitgeverijparis.nl/nl/reader/209785/1001582341},
year = {2021},
date = {2021-06-24},
journal = {Privacy & Informatie},
number = {3},
pages = {117-120},
abstract = {Ze zijn enorm populair en zullen alleen nog maar populairder worden: gezondheidsapps. Er zijn populaire gezondheidsapps met tientallen tot soms honderden miljoenen gebruikers voor van alles en nog wat: dieetadviezen en calorie\"{e}ntellen (MyFitnessPal), meditatie en mindfulness (Headspace), het tracken en onderling vergelijken van sportactiviteiten (Strava), het tracken van je algehele bewegings- en gezondheidspatronen via een wearable (Fitbit), enzovoort. Hun huidige populariteit zal alleen nog maar toenemen, aangezien werkgevers en verzekeraars steeds nadrukkelijker het gebruik van gezondheidsapps aanprijzen. 1 Gezondheid is goed, meer gezondheid is beter. Geweldig toch, die alsmaar toenemende populariteit van gezondheidsapps?},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{vanHoboken2021b,
title = {Smartphone platforms as privacy regulators},
author = {van Hoboken, J. and Fahy, R.},
url = {https://www.ivir.nl/publicaties/download/Smartphone-platforms-as-privacy-regulators.pdf},
doi = {https://doi.org/10.1016/j.clsr.2021.105557},
year = {2021},
date = {2021-06-10},
journal = {Computer Law & Security Review},
volume = {41},
abstract = {A series of recent developments highlight the increasingly important role of online platforms in impacting data privacy in today's digital economy. Revelations and parliamentary hearings about privacy violations in Facebook's app and service partner ecosystem, EU Court of Justice judgments on joint responsibility of platforms and platform users, and the rise of smartphone app ecosystems where app behaviour is governed by app distribution platforms and operating systems, all show that platform policies can make or break the enjoyment of privacy by users. In this article, we examine these developments and explore the question of what can and should be the role of platforms in protecting data privacy of their users.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{vanHoboken2021,
title = {Regulating Disinformation in Europe: Implications for Speech and Privacy},
author = {van Hoboken, J. and Fahy, R.},
url = {https://www.ivir.nl/publicaties/download/Regulating-Disinformation-in-Europe.pdf},
year = {2021},
date = {2021-06-01},
journal = {UC Irvine Journal of International, Transnational, and Comparative Law},
volume = {6},
number = {1},
pages = {9-36},
abstract = {This Article examines the ongoing dynamics in the regulation of disinformation in Europe, focusing on the intersection between the right to
freedom of expression and the right to privacy. Importantly, there has been a recent wave of regulatory measures and other forms of pressure on online platforms to tackle disinformation in Europe. These measures play out in different ways at the intersection of the right to freedom of expression and the right to privacy. Crucially, as governments, journalists, and researchers seek greater transparency and access to information from online platforms to evaluate their impact on the health of their democracies, these measures raise acute issues related to user privacy. Indeed, platforms that once refused to cooperate with governments in identifying users allegedly responsible for disseminating illegal or harmful content are now expanding cooperation. However, while platforms are increasingly facilitating government access to user data, platforms are also invoking data protection law concerns as a shield in response to recent efforts at increased platform transparency. At
the same time, data protection law provides for one of the main systemic regulatory safeguards in Europe. It protects user autonomy concerning datadriven campaigns, requiring transparency for internet audiences about targeting and data subject rights in relation to audience platforms, such as social media companies.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@online{Irion2021b,
title = {Formal meeting (oral evidence session): Digital trade and data},
author = {Irion, K.},
url = {https://committees.parliament.uk/event/3859/formal-meeting-oral-evidence-session/},
year = {2021},
date = {2021-03-12},
abstract = {Oral testimony on the UK House of Commons International Trade Committee. The Committee has launched an inquiry into digital trade and data. Digital trade refers to digitally enabled, or digitally delivered, trade in goods and services. Such trade involves the movement of data.
The Committee’s inquiry will explore a range of issues, including:
• Digital trade and data provisions in Free Trade Agreements
• Concerns around the security and privacy of data
• The environmental impact of digital trade
• Relevant legal frameworks},
keywords = {},
pubstate = {published},
tppubtype = {online}
}

@article{Dommering2021c,
title = {Annotatie bij Hof van Justitie EU 16 juli 2020 (Data Protection Commissioner / Facebook Ireland & Schrems)(Schrems II)},
author = {Dommering, E.},
url = {https://www.ivir.nl/publicaties/download/Annotatie_NJ_2021_24.pdf},
year = {2021},
date = {2021-03-12},
journal = {Nederlandse Jurisprudentie},
volume = {2021},
number = {5/6},
pages = {455-458},
abstract = {Uitlevering persoonsgegevens Ierland/VS in strijd met de AVG omdat veiligheidsdiensten in VS ongecontroleerd toegang hebben tot serviceproviders die deze persoonsgegevens ontvangen.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Poort2021,
title = {Personalised pricing: The demise of the fixed price?},
author = {Poort, J. and Zuiderveen Borgesius, F.},
url = {https://www.ivir.nl/publicaties/download/The-Demise-of-the-Fixed-Price.pdf},
year = {2021},
date = {2021-03-04},
abstract = {An online seller or platform is technically able to offer every consumer a different price for the same product, based on information it has about the customers. Such online price discrimination exacerbates concerns regarding the fairness and morality of price discrimination, and the possible need for regulation. In this chapter, we discuss the underlying basis of price discrimination in economic theory, and its popular perception. Our surveys show that consumers are critical and suspicious of online price discrimination. A majority consider it unacceptable and unfair, and are in favour of a ban. When stores apply online price discrimination, most consumers think they should be informed about it. We argue that the General Data Protection Regulation (GDPR) applies to the most controversial forms of online price discrimination, and not only requires companies to disclose their use of price discrimination, but also requires companies to ask customers for their prior consent. Industry practice, however, does not show any adoption of these two principles.},
note = {Forthcoming as chapter 10 in: Kohl, U., & Eisler, J. (eds.), Data-Driven Personalisation in Markets, Politics and Law. Cambridge: Cambridge University Press, 2021.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Janssen2021,
title = {Decentralised Data Processing: Personal Data Stores and the GDPR},
author = {Janssen, H. and Cobbe, J. and Norval, C. and Singh, J.},
url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3570895
https://www.ivir.nl/publicaties/download/IDPL-2021-4.pdf},
doi = {https://doi.org/10.1093/idpl/ipaa016},
year = {2021},
date = {2021-01-04},
journal = {International Data Privacy Law},
volume = {10},
number = {4},
pages = {356-384},
abstract = {When it comes to online services, users have limited control over how their personal data is processed. This is partly due to the nature of the business models of those services, where data is typically stored and aggregated in data centres. This has recently led to the development of technologies aiming at leveraging user control over the processing of their personal data.
Personal Data Stores (“PDSs”) represent a class of these technologies; PDSs provide users with a device, enabling them to capture, aggregate and manage their personal data. The device provides tools for users to control and monitor access, sharing and computation over data on their device. The motivation for PDSs are described as (i) to assist users with their confidentiality and privacy concerns, and/or (ii) to provide opportunities for users to transact with or otherwise monetise their data.
While PDSs potentially might enable some degree of user empowerment, they raise interesting considerations and uncertainties in relation to the responsibilities under the General Data Protection Regulation (GDPR). More specifically, the designations of responsibilities among key parties involved in PDS ecosystems are unclear. Further, the technical architecture of PDSs appears to restrict certain lawful grounds for processing, while technical means to identify certain category data, as proposed by some, may remain theoretical.
We explore the considerations, uncertainties, and limitations of PDSs with respect to some key obligations under the GDPR. As PDS technologies continue to develop and proliferate, potentially providing an alternative to centralised approaches to data processing, we identify issues which require consideration by regulators, PDS platform providers and technologists.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Janssen2021b,
title = {Personal Data Stores: a user-centric privacy utopia?},
author = {Janssen, H. and Cobbe, J. and Singh, J.},
year = {2021},
date = {2021-01-04},
journal = {Internet Policy Review},
keywords = {},
pubstate = {forthcoming},
tppubtype = {article}
}

@article{Ferrari2020b,
title = {Crosshatching Privacy: Financial Intermediaries’ Data Practices Between Law Enforcement and Data Economy},
author = {Ferrari, V.},
url = {https://edpl.lexxion.eu/article/EDPL/2020/4/8
https://www.ivir.nl/publicaties/download/edpl_2020_04.pdf},
doi = {https://doi.org/10.21552/edpl/2020/4/8},
year = {2020},
date = {2020-12-22},
journal = {European Data Protection Law Review},
volume = {6},
number = {4},
pages = {522-535},
abstract = {Financial data are key to various law enforcement processes, including criminal investigations, anti-money laundering strategies and the implementation of national fiscal policies. However, financial data also qualify as personal data. While law enforcement objectives can derogate certain privacy-related legal safeguards, private financial firms should, in principle, comply with the privacy standards upheld by GDPR. Highlighting the most critical trends of the current financial industry (i.e. commercial exploitation of data; international dimension of financial informational networks; use of automated processing and decision-making tools), the present paper analyses how privacy and law enforcement priorities interplay in determining the governance of financial data. We conclude by recognizing that privacy loopholes exist in the current financial industry’s data practices, and that - as payments tend to be increasingly performed in digital manners, exponentially increasing the availability of financial data - privacy-enhancing payment methods should be encouraged and legitimised.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@techreport{vanHoboken2020d,
title = {WODC-onderzoek: Voorziening voor verzoeken tot snelle verwijdering van onrechtmatige online content},
author = {van Hoboken, J. and Appelman, N. and van Duin, A. and Blom, T. and Zarouali, B. and Fahy, R. and Steel, M. and Stringhi, E. and Helberger, N.},
url = {https://www.ivir.nl/publicaties/download/WODC_voorziening_onrechtmatige_content.pdf},
year = {2020},
date = {2020-11-12},
abstract = {Dit onderzoek is uitgegeven als onderdeel van het speerpunt van de Minister voor Rechtsbescherming om de positie van slachtoffers van onrechtmatige uitingen op het internet te verbeteren. Aanleiding is dat het voor mensen als te moeilijk ervaren wordt om onrechtmatige online content snel verwijderd te krijgen. Dit rapport biedt inzicht in de juridische en praktische haalbaarheid van een voorziening voor de verwijdering van onrechtmatige online content die mensen persoonlijk raakt. Onrechtmatige content is informatie, door mensen op het internet geplaatst, die in strijd is met het recht, vanwege de schadelijke gevolgen ervan en/of omdat de belangen van anderen daardoor op ernstige wijze worden aangetast. Hierbij moet, bijvoorbeeld, gedacht worden aan bedreigingen, privacy-inbreuken of wraakporno. Het doel van de onderzochte voorziening is om mensen in staat te stellen deze onrechtmatige online content zo snel mogelijk te verwijderen. Het onderzoek focust op onrechtmatige online content die mensen in hun persoon raakt en daarmee onder het recht op priv\'{e}leven uit artikel 8 Europees Verdrag voor de Rechten van de Mens (“EVRM”) valt.},
keywords = {},
pubstate = {published},
tppubtype = {techreport}
}

@article{Dommering2020i,
title = {Annotatie bij Rb. Den Haag 5 februari 2020 (NJCM c.s. / Staat der Nederlanden - SyRI-wetgeving)},
author = {Dommering, E.},
url = {https://www.ivir.nl/publicaties/download/Annotatie_NJ_2020_386.pdf},
year = {2020},
date = {2020-11-10},
journal = {Nederlandse Jurisprudentie},
number = {45},
pages = {6792-6795},
abstract = {De SyRI-wetgeving voldoet niet aan de in art. 8 lid 2 EVRM gestelde eis dat de inmenging in de uitoefening van het recht op respect voor het priv\'{e}leven noodzakelijk is in een democratische samenleving, dat wil zeggen noodzakelijk, evenredig (proportioneel) en subsidiair in relatie tot het beoogde doel.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Strycharz2020,
title = {Data Protection or Data Frustration? Individual perceptions and attitudes towards the GDPR},
author = {Strycharz, J. and Ausloos, J. and Helberger, N.},
url = {https://www.ivir.nl/publicaties/download/EDPLR_2020_3.pdf},
doi = {https://doi.org/10.21552/edpl/2020/3/10},
year = {2020},
date = {2020-10-13},
journal = {European Data Protection Law Review},
volume = {6},
number = {3},
pages = {407-421},
abstract = {Strengthening individual rights, enhancing control over one’s data and raising awareness were among the main aims the European Commission set for the General Data Protection Regulation (GDPR). In order to assess whether these aims have been met, research into individual perceptions, awareness, and understanding of the Regulation is necessary. This study thus examines individual reactions to the GDPR in order to provide insights into user agency in relation to the Regulation. More specifically, it discusses empirical data (survey with N = 1288) on individual knowledge of, reactions to, and rights exercised under the GDPR in the Netherlands. The results show high awareness of the GDPR and knowledge of individual rights. At the same time, the Dutch show substantial reactance to the Regulation and doubt the effectiveness of their individual rights. These findings point to several issues obstructing the GDPR’s effectiveness, and constitute useful signposts for policy-makers and enforcement agencies to prioritise their strategies in achieving the original aims of the Regulation.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@inbook{Yakovleva2020e,
title = {Privacy and Data Protection in the EU- and US-led Post- WTO Free Trade Agreements},
author = {Yakovleva, S.},
url = {https://www.ivir.nl/publicaties/download/Yearbook_International_Economic_Law.pdf},
doi = {https://doi.org/10.1007/978-3-030-46955-9_5},
year = {2020},
date = {2020-10-08},
pages = {95-115},
series = {European Yearbook of International Economic Law},
abstract = {The chapter addresses privacy and data protection in FTAs. It takes stock of the evolution of provisions on privacy and data protection in the post-WTO FTAs and FTAs currently under negotiation relying on EU- and US-led FTAs as an empirical basis. The chapter evaluates the trends and patterns of the development of these provisions and provides an outlook for the upcoming negotiations on electronic commerce at the WTO. It highlights the evolution of provisions on privacy and personal data protection in general exceptions, financial and telecommunications chapters, chapters on electronic commerce and digital trade. After identifying trends in the design and wording of these provisions in the EU- and US-led FTAs the chapter concludes that both trading partners tend to prefer their own template for regional FTAs.},
note = {Chapter in: Coherence and Divergence in Services Trade Law, ed. R.T. Hoffmann & M. Krajewski},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}

@article{Yakovleva2020d,
title = {Personal Data Transfers in International Trade and EU Law: A Tale of Two ‘Necessities’},
author = {Yakovleva, S.},
url = {https://www.ivir.nl/publicaties/download/JWIT_2020.pdf},
year = {2020},
date = {2020-10-02},
journal = {The Journal of World Investment & Trade},
pages = {1-39},
abstract = {Cross-border flows of personal data have become essential for international trade. EU law restricts transfers of personal data to a degree that is arguably beyond what is permitted under the EU’s WTO commitments. These restrictions may be justified under trade law’s ‘necessity test.’ The article suggests that they may not pass this test. Yet, from an EU law perspective, the right to the protection of personal data is a fundamental right. An international transfer of personal data constitutes a derogation from this right and, therefore, must be consistent with another necessity test, the ‘strict necessity’ test of the derogation clause of the EU Charter of Fundamental Rights. This article shows how a simultaneous application of the trade law and EU Charter ‘necessities’ to EU restrictions on transfers of personal data creates a Catch-22 situation and sketches the ways out of this compliance deadlock.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Yakovleva2020c,
title = {Kaleidoscopic data-related enforcement in the digital age},
author = {Yakovleva, S. and Geursen, W. and Arnbak, A.},
url = {https://www.ivir.nl/publicaties/download/CMLR_2020.pdf},
year = {2020},
date = {2020-10-01},
journal = {Common Market Law Review},
volume = {57},
number = {5},
pages = {1461-1494},
abstract = {The interplay between competition, consumer and data protection law, when applied to data collection and processing practices, may lead to situations where several competent authorities can, independently, carry out enforcement actions against the same practice, or where an authority competent to carry out enforcement in one area of law can borrow the concepts of another area to advance its own goals. The authors call this “kaleidoscopic enforcement”. Kaleidoscopic enforcement may undermine existing coordination mechanisms within specif ic areas, and may lead to both the incoherent enforcement of EU rules applicable to data, and to sub-optimal enforcement. An EU level binding
inter-disciplinary coordination mechanism between competition, consumer and data protection authorities is needed. Now the Commission has announced ambitious plans to enhance the coherent application of EU law in several areas, it is the perfect time to work towards creating such an enforcement mechanism.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Helberger2020h,
title = {Macro and Exogenous Factors in Computational Advertising: Key Issues and New Research Directions},
author = {Helberger, N. and Huh, J. and Milne, G. and Strycharz, J.},
doi = {https://doi.org/10.1080/00913367.2020.1811179},
year = {2020},
date = {2020-09-11},
journal = {Journal of Advertising},
volume = {49},
number = {4},
pages = {377-393},
abstract = {To advance the emerging research field of computational advertising this article describes the new computational advertising ecosystem, identifies key actors within it and interactions among them, and discusses future research agendas. Specifically, we propose systematic conceptualization for the redefined advertising industry, consumers, government, and technology environmental factors, and discuss emerging and anticipated tensions that arise in the macro and exogenous factors surrounding the new computational advertising industry, leading to suggestions for future research directions. From multidisciplinary angles, areas of tension and related research questions are explored from advertising, business, computer science, and legal perspectives. The proposed research agendas include exploring transparency of computational advertising practice and consumer education; understanding the trade-off between explainability and performance of algorithms; exploring the issue of new consumers as free data laborers, data as commodity, and related consumer agency challenges; understanding the relationship between algorithmic transparency and consumers’ literacy; evaluating the trade-off between algorithmic fairness and privacy protection; examining legal and regulatory issues regarding power imbalance between actors in the computational advertising ecosystem; and studying the trade-off between technological innovation and consumer protection and empowerment.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Eskens2020b,
title = {Opinie: De wettelijke mogelijkheden voor online proctoring door universiteiten zijn zeer beperkt},
author = {Eskens, S.},
url = {https://www.ivir.nl/publicaties/download/TvI_2020_4.pdf},
year = {2020},
date = {2020-08-27},
journal = {Tijdschrift voor Internetrecht},
number = {4},
pages = {141-143},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Dommering2020h,
title = {Annotatie HvJ EU 2 oktober 2018 (Ministerio Fiscal)},
author = {Dommering, E.},
url = {https://www.ivir.nl/publicaties/download/Annotatie_NJ_232.pdf},
year = {2020},
date = {2020-07-21},
journal = {Nederlandse Jurisprudentie},
number = {28},
pages = {3753-3754},
abstract = {Toegang tot door elektronische communicatiedienstaanbieder verwerkte persoonsgegevens alleen gerechtvaardigd als het om ernstig delict gaat. Identificatiegegevens op SIMkaart van gestolen mobiele telefoon ook bij lichtere vormen van criminaliteit toegestaan toegestaan omdat deze op zich zelf geen inzicht geven in de priv\'{e} communicatie.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Mahieu2020,
title = {Harnessing the collective potential of GDPR access rights: towards an ecology of transparency},
author = {Mahieu, R. and Ausloos, J.},
url = {https://policyreview.info/articles/news/harnessing-collective-potential-gdpr-access-rights-towards-ecology-transparency/1487},
year = {2020},
date = {2020-07-17},
journal = {Internet Policy Review},
abstract = {The GDPR’s goal of empowering citizens can only be fully realised when the collective dimensions of data subject rights are acknowledged and supported through proper enforcement. The power of the collective use of data subjects’ rights, however, is currently neither acknowledged nor properly enforced. This is the message we sent to the European Commission in response to its call for feedback for its two-year review of the GDPR. In our submission entitled Recognising and Enabling the Collective Dimension of the GDPR and the Right of Access \textendash A call to support the governance structure of checks and balances for informational power asymmetries, we demonstrate the collective potential of GDPR access rights with a long list of real-life examples.},
note = {Opinion},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Monzer2020,
title = {User Perspectives on the News Personalisation Process: Agency, Trust and Utility as Building Blocks},
author = {Monzer, C. and M\"{o}ller, J. and Helberger, N. and Eskens, S.},
url = {https://www.tandfonline.com/doi/full/10.1080/21670811.2020.1773291},
doi = {10.1080/21670811.2020.1773291},
year = {2020},
date = {2020-06-16},
journal = {Digital Journalism},
volume = {8},
number = {9},
pages = {1142-1162},
abstract = {With the increasing use of algorithms in news distribution, commentators warn about its possible impacts on the changing relationship between the news media and news readers. To understand the meaning of news personalisation strategies to users, we investigated how they currently experience news personalisation, perceive their role in the personalisation process, and envision increasing the utility of personalised news by giving users more agency and fostering trust. We conducted four focus groups with online news readers in Germany. For the analysis, grounded theory techniques were suitable due to their applicability in reconstructing user perspectives through their own experiences. We found that (1) users fail to distinguish between news personalisation and commercial targeting, which may negatively bias their perception; (2) there is a contradiction in how users perceive themselves as active participants in the process, but lack the means to exercise agency; (3) user concerns extend beyond privacy to what information they receive and their right to personal autonomy\textemdasha solution requires offering users the ability to dynamically adjust their “news interest profiles”; (4) while news personalisation strategies afford new opportunities for introducing reciprocity in the media-audience relationship, negotiating competing logics of journalistic, personal and algorithmic curation remains a challenge.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Yakovleva2020b,
title = {Drie mogelijke boetes van mededingings-, consumenten- en persoonsgegevensautoriteiten voor hetzelfde datagebruik},
author = {Yakovleva, S. and Geursen, W,W, and Arnbak, A.},
url = {https://www.ivir.nl/publicaties/download/MP_2020_164.pdf},
year = {2020},
date = {2020-06-09},
journal = {Tijdschrift Mededingingsrecht in de Praktijk},
number = {2},
pages = {30-37},
abstract = {Door de toename van datagebruik door ondernemingen is er sprake van convergentie tussen het mededingings-, consumenten- en gegevensbeschermingsrecht. Er kan dan parallelle handhaving plaatsvinden ten aanzien van \'{e}\'{e}n en dezelfde handeling door dezelfde onderneming door drie verschillende autoriteiten. Dat noemen wij caleidoscopische handhaving. Dat heeft volgens ons verschillende keerzijden, waaronder het risico op overhandhaving door drie afzonderlijke procedures van drie afzonderlijke autoriteiten en mogelijk drie boetes. Wij onderzoeken in dit artikel waarom het ne-bis-in-idem-beginsel niet van toepassing is en het beginsel van eendaadse samenloop evenmin (net als in de recente Marine Harvest gun-jumping zaak), waardoor proportionaliteit overblijft.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Irion2020bb,
title = {Pitching trade against privacy: reconciling EU governance of personal data flows with external trade},
author = {Irion, K. and Yakovleva, S. },
doi = {https://doi.org/10.1093/idpl/ipaa003},
year = {2020},
date = {2020-04-01},
journal = {International Data Privacy Law},
volume = {10},
number = {3},
pages = {201-221},
abstract = {This article positions EU’s external governance of personal data flows against the backdrop of the international controversy on digital trade versus strict privacy laws. Now that the EU has defined its position on horizontal provisions on cross-border data flows and personal data protection, it is both timely and essential to reassess its strategy on the international transfers of personal data in the purview of its future trade agreements. For its own normative approach and regulatory autonomy, the EU has a pivotal role to play in shaping the interface between trade and privacy before the ‘free trade leviathan’ can restrict the policy choices not only of individual states but also of the EU itself. Our contribution aims to break through the present compartmentalization of privacy scholarship and trade lawyers because it situates personal data flows in both disciplines.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Borgesius2020,
title = {Strengthening legal protection against discrimination by algorithms and artificial intelligence},
author = {Zuiderveen Borgesius, F.},
url = {https://doi-org.proxy.uba.uva.nl:2443/10.1080/13642987.2020.1743976},
year = {2020},
date = {2020-03-29},
journal = {The International Journal of Human Rights},
abstract = {Algorithmic decision-making and other types of artificial intelligence (AI) can be used to predict who will commit crime, who will be a good employee, who will default on a loan, etc. However, algorithmic decision-making can also threaten human rights, such as the right to non-discrimination. The paper evaluates current legal protection in Europe against discriminatory algorithmic decisions. The paper shows that non-discrimination law, in particular through the concept of indirect discrimination, prohibits many types of algorithmic discrimination. Data protection law could also help to defend people against discrimination. Proper enforcement of non-discrimination law and data protection law could help to protect people. However, the paper shows that both legal instruments have severe weaknesses when applied to artificial intelligence. The paper suggests how enforcement of current rules can be improved. The paper also explores whether additional rules are needed. The paper argues for sector-specific \textendash rather than general \textendash rules, and outlines an approach to regulate algorithmic decision-making.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Eskens2020,
title = {The personal information sphere: An integral approach to privacy and related information and communication rights},
author = {Eskens, S.},
url = {https://www.ivir.nl/publicaties/download/jasist_2020.pdf},
doi = {https://doi.org/10.1002/asi.24354},
year = {2020},
date = {2020-03-20},
journal = {JASIST},
volume = {71},
number = {9},
pages = {1116-1128},
abstract = {Data protection laws, including the European Union General Data Protection Regulation, regulate aspects of online personalization. However, the data protection lens is too narrow to analyze personalization. To define conditions for personalization, we should understand data protection in its larger fundamental rights context, starting with the closely connected right to privacy. If the right to privacy is considered along with other European fundamental rights that protect information and communication flows, namely, communications confidentiality; the right to receive information; and freedom of expression, opinion, and thought, these rights are observed to enable what I call a “personal information sphere” for each person. This notion highlights how privacy interferences affect other fundamental rights. The personal information sphere is grounded in European case law and is thus not just an academic affair. The essence of the personal information sphere is control, yet with a different meaning than mere control as guaranteed by data protection law. The personal information sphere is about people controlling how they situate themselves in information and communication networks. It follows that, to respect privacy and related rights, online personalization providers should actively involve users in the personalization process and enable them to use personalization for personal goals.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Yakovleva2020,
title = {Privacy Protection(ism): The Latest Wave of Trade Constraints on Regulatory Autonomy},
author = {Yakovleva, S.},
url = {https://repository.law.miami.edu/umlr/vol74/iss2/5/},
year = {2020},
date = {2020-02-27},
journal = {University of Miami Law Review},
volume = {74},
number = {2},
pages = {416-519},
abstract = {Countries spend billions of dollars each year to strengthen their discursive power to shape international policy debates. They do so because in public policy conversations labels and narratives matter enormously. The “digital protectionism” label has been used in the last decade as a tool to gain the policy upper hand in digital trade policy debates about cross-border flows of personal and other data. Using the Foucauldian framework of discourse analysis, this Article brings a unique perspective on this topic. The Article makes two central arguments. First, the Article argues that the term “protectionism” is not endowed with an inherent meaning but is socially constructed by the power of discourse used in international negotiations, and in the interpretation and application of international trade policy and rules. In other words, there are as many definitions of “(digital) protectionism” as there are discourses. The U.S. and E.U. “digital trade” discourses illustrate this point. Using the same term, those trading partners advance utterly different discourses and agendas: an economic discourse with economic efficiency as the main benchmark (United States), and a more multidisciplinary discourse where both economic efficiency and protection of fundamental rights are equally important (European Union). Second, based on a detailed evaluation of the economic “digital trade” discourse, the Article contends that the coining of the term “digital protectionism” to refer to domestic information governance policies not yet fully covered by trade law disciplines is not a logical step to respond to objectively changing circumstances, but rather a product of that discourse, which is coming to dominate U.S.-led international trade negotiations. The Article demonstrates how this redefinition of “protectionism” has already resulted in the adoption of international trade rules in recent trade agreements further restricting domestic autonomy to protect the rights to privacy and the protection of personal data. The Article suggests that the distinction between privacy and personal data protection and protectionism is a moral question, not a question of economic efficiency. Therefore, when a policy conversation, such as the one on cross-border data flows, involves noneconomic spill-over effects to individual rights, such conversation should not be confined within the straightjacket of trade economics, but rather placed in a broader normative perspective. Finally, the Article argues that, in conducting recently restarted multilateral negotiations on electronic commerce at the World Trade Organization, countries should rethink the goals of international trade for the twenty-first century. Such goals should determine and define the discourse, not the other way around. The discussion should not be about what “protectionism” means but about how far domestic regimes are willing to let trade rules interfere in their autonomy to protect their societal, cultural, and political values.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@inbook{vanHoboken2020,
title = {The Privacy Disconnect},
author = {van Hoboken, J.},
url = {https://mitpress.mit.edu/books/human-rights-age-platforms
https://www.ivir.nl/publicaties/download/privacy_disconnect.pdf},
isbn = {9780262039055},
year = {2020},
date = {2020-02-07},
booktitle = {Chapter in: Human Rights in the Age of Platforms, ed. R.F. J\orgensen, Cambridge: The MIT Press, 2019.},
pages = {255-284},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}

@article{Dobber2020,
title = {The regulation of online political micro-targeting in Europe},
author = {Dobber, T. and Fahy, R. and Zuiderveen Borgesius, F.},
url = {https://policyreview.info/articles/analysis/regulation-online-political-micro-targeting-europe},
doi = {10.14763/2019.4.1440},
year = {2020},
date = {2020-01-16},
journal = {Internet Policy Review},
volume = {8},
number = {4},
abstract = {In this paper, we examine how online political micro-targeting is regulated in Europe. While there are no specific rules on such micro-targeting, there are general rules that apply. We focus on three fields of law: data protection law, freedom of expression, and sector-specific rules for political advertising; for the latter we examine four countries. We argue that the rules in the General Data Protection Regulation (GDPR) are necessary, but not sufficient. We show that political advertising, including online political micro-targeting, is protected by the right to freedom of expression. That right is not absolute, however. From a European human rights perspective, it is possible for lawmakers to limit the possibilities for political advertising. Indeed, some countries ban TV advertising for political parties during elections.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Ausloos2020,
title = {Getting Data Subject Rights Right: A submission to the European Data Protection Board from international data rights academics, to inform regulatory guidance},
author = {Ausloos, J. and Veale, M. and Mahieu, R.},
url = {https://www.jipitec.eu/issues/jipitec-10-3-2019/5031},
year = {2019},
date = {2019-12-31},
journal = {JIPITEC},
volume = {10},
number = {3},
abstract = {We are a group of academics active in research and practice around data rights. We believe that the European Data Protection Board (EDPB) guidance on data rights currently under development is an important point to resolve a variety of tensions and grey areas which, if left unaddressed, may significantly undermine the fundamental right to data protection. All of us were present at the recent stakeholder event on data rights in Brussels on 4 November 2019, and it is in the context and spirit of stakeholder engagement that we have created this document to explore and provide recommendations and examples in this area. This document is based on comprehensive empirical evidence as well as CJEU case law, EDPB (and, previously, Article 29 Working Party) guidance and extensive scientific research into the scope, rationale, effects and general modalities of data rights.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Giannopoulou2019bb,
title = {Access and Reuse of Machine-Generated Data for Scientific Research},
author = {Giannopoulou, A.},
url = {https://www.ivir.nl/publicaties/download/Erasmus_Law_Review_2019.pdf},
doi = {10.5553/ELR.000136},
year = {2019},
date = {2019-12-20},
journal = {Erasmus Law Review},
number = {2},
pages = {155-165},
abstract = {Data driven innovation holds the potential in transforming current business and knowledge discovery models. For this reason, data sharing has become one of the central points of interest for the European Commission towards the creation of a Digital Single Market. The value of automatically generated data, which are collected by Internet-connected objects (IoT), is increasing: from smart houses to wearables, machine-generated data hold significant potential for growth, learning, and problem solving. Facilitating researchers in order to provide access to these types of data implies not only the articulation of existing legal obstacles and of proposed legal solutions but also the understanding of the incentives that motivate the sharing of the data in question. What are the legal tools that researchers can use to gain
access and reuse rights in the context of their research?},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Fahy2019eb,
title = {European Regulation of Smartphone Ecosystems},
author = {Fahy, R. and van Hoboken, J.},
url = {https://edpl.lexxion.eu/article/EDPL/2019/4/6},
doi = {https://doi.org/10.21552/edpl/2019/4/6},
year = {2019},
date = {2019-12-13},
journal = {European Data Protection Law Review (EDPL)},
volume = {5},
number = {4},
pages = {476-491},
abstract = {For the first time, two pieces of EU legislation will specifically target smartphone ecosystems in relation to smartphone and mobile software (eg, iOS and Android) privacy, and use and monetisation of data. And yet, both pieces of legislation approach data use and data monetisation from radically contrasting perspectives. The first is the proposed ePrivacy Regulation, which seeks to provide enhanced protection against user data monitoring and tracking in smartphones, and safeguard privacy in electronic communications. On the other hand, the recently enacted Platform-to-Business Regulation 2019, seeks to bring fairness to platform-business user relations (including app stores and app developers), and is crucially built upon the premise that the ability to access and use data, including personal data, can enable important value creation in the online platform economy. This article discusses how these two Regulations will apply to smartphone ecosystems, especially relating to user and device privacy. The article analyses the potential tension points between the two sets of rules, which result from the underlying policy objectives of safeguarding privacy in electronic communications and the functioning of the digital economy in the emerging era of platform governance. The article concludes with a discussion on how to address these issues, at the intersection of privacy and competition in the digital platform economy.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@online{Brodolini2019,
title = {Fundamental rights review of EU data collection instruments and programmes},
author = {Fondazione Giacomo Brodolini and Irion, K. },
url = {http://www.fondazionebrodolini.it/sites/default/files/final_report_0.pdf},
year = {2019},
date = {2019-12-04},
abstract = {This report is the result of a Pilot Project requested by the European Parliament, managed by the Commission and carried out by a group of independent experts. The scope of the project was to establish and support an independent experts’ group to carry out a fundamental rights review of existing EU legislation and instruments in the Area of Freedom, Security and Justice (AFSJ) that involve the collection, retention, storage or transfer of personal data. One outcome of the project is a database of AFSJ legislation and instruments with individual fundamental rights assessments (at http://brodolini.mbs.it/). The final report concludes that that fundamental rights safeguards need to be more consistently considered and applied in the AFSJ. The conclusions highlight five broad issues for further consideration: ambiguous definitions and open terms; law enforcement access to migration databases; the expansion of centralised databases; data retention periods; and information rights and duties.},
note = {Final report},
keywords = {},
pubstate = {published},
tppubtype = {online}
}

@article{vanDaalen2019b,
title = {Justitie toegang geven tot versleutelde chatberichten is geen goed idee},
author = {van Daalen, O.},
url = {https://www.trouw.nl/opinie/justitie-toegang-geven-tot-versleutelde-chatberichten-is-geen-goed-idee~bd398447/},
year = {2019},
date = {2019-11-08},
journal = {Trouw},
note = {Opinie},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Rucz2019b,
title = {Territorial scope of the “right to erasure” limited to the EU},
author = {Rucz, M.},
url = {http://merlin.obs.coe.int/iris/2019/10/article3.en.html},
year = {2019},
date = {2019-10-22},
journal = {IRIS},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Mil2019c,
title = {Annotatie bij Rb. Noord-Holland 23 mei 2019 },
author = {Mil, J. van},
url = {https://www.ivir.nl/publicaties/download/Annotatie_CR_2019_4.pdf},
year = {2019},
date = {2019-09-19},
journal = {Computerrecht},
volume = {2019},
number = {4},
pages = {267-273},
abstract = {De rechtbank bakent de omvang van het inzagerecht af in overeenstemming met eerdere jurisprudentie, waarmee zij verwerkingsverantwoordelijke handvatten biedt voor die gevallen waarin zij zich geconfronteerd ziet met inzageverzoeken.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Kabel2019c,
title = {Het prinsesje op de erwt en de tovenaarsleerling},
author = {Kabel, J.},
url = {https://www.ivir.nl/publicaties/download/PI_2019_3.pdf},
year = {2019},
date = {2019-07-30},
journal = {Privacy & Informatie},
volume = {22},
number = {3},
pages = {89-90},
note = {Redactioneel},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Poort2019c,
title = {Prijsdiscriminatie, privacy en publieke opinie},
author = {Poort, J. and Zuiderveen Borgesius, F.},
url = {https://arsaequi.nl/product/prijsdiscriminatie-privacy-en-publieke-opinie/},
year = {2019},
date = {2019-07-04},
journal = {Ars Aequi},
volume = {2019},
pages = {580-590},
abstract = {Webwinkels zijn technisch in staat om elke consument een andere prijs aan te bieden: online prijsdiscriminatie. Dit artikel bespreekt twee enqu\^{e}tes over dergelijke praktijken die zijn gehouden onder
de Nederlandse bevolking en onderzoekt de implicaties van de Algemene Verordening Gegevensbescherming (AVG) voor online prijsdiscriminatie.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Ryngaert2019,
title = {International cooperation by (European) security and intelligence services: reviewing the creation of a joint database in light of data protection guarantees},
author = {Ryngaert, C.M.J. and van Eijk, N.},
url = {https://www.ivir.nl/publicaties/download/IDPL_2019_1.pdf},
doi = {https://doi.org/10.1093/idpl/ipz001},
year = {2019},
date = {2019-04-09},
journal = {International Data Privacy Law},
volume = {2019},
number = {1},
pages = {61-73},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Dommering2019,
title = {Annotatie bij EHRM 28 juni 2018 (M.L. en W.W. / Duitsland)},
author = {Dommering, E.},
url = {https://www.ivir.nl/publicaties/download/Annotatie_NJ_2019_97.pdf},
year = {2019},
date = {2019-03-29},
journal = {Nederlandse Jurisprudentie},
volume = {2019},
number = {12},
pages = {1624-1626},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Borgesius2019b,
title = {Online politieke microtargeting: Een zegen of een vloek voor de democratie?},
author = {Zuiderveen Borgesius, F. and M\"{o}ller, J. and Dobber, T. and Kruikemeier, S. and Irion, K. and Stapel, S. and Fahy, R. and Bod\'{o}, B. and Vreese, C.H. de},
url = {https://www.ivir.nl/publicaties/download/NJB_2019.pdf},
year = {2019},
date = {2019-03-19},
journal = {Nederlands Juristenblad (NJB)},
volume = {2019},
number = {10},
pages = {528-669},
abstract = {Voor online politieke microtargeting wordt het online-gedrag van mensen in kaart gebracht en worden de verzamelde gegevens gebruikt om mensen gerichte politieke advertenties te tonen. Microtargeting is vanuit de VS komen overwaaien naar Europa en heeft voor- en nadelen voor de democratie. Microtargeting kan politieke partijen helpen om mensen effectief te bereiken en kan politieke betrokkenheid stimuleren. Maar microtargeting kan ook een bedreiging vormen voor de democratie. Zo kan een politieke partij zich verschillend voordoen aan verschillende mensen. Bovendien bedreigt het verzamelen van persoonsgegevens onze privacy. Dit artikel brengt de beloftes en bedreigingen van microtargeting voor de democratie in kaart en schetst mogelijkheden voor beleidsmakers om het gebruik van microtargeting te reguleren.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Hoofnagle2018,
title = {The European Union General Data Protection Regulation: What It Is And What It Means},
author = {Hoofnagle, C.J. and van der Sloot, B. and Zuiderveen Borgesius, F.},
url = {https://www.tandfonline.com/doi/full/10.1080/13600834.2019.1573501},
year = {2019},
date = {2019-02-12},
journal = {Information & Communications Technology Law},
volume = {2019},
abstract = {This article introduces U.S. lawyers and academics to the normative foundations, attributes, and strategic approach to regulating personal data advanced by the European Union’s General Data Protection Regulation (“GDPR”). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s short and medium-term implications. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed and protective regulatory regime, which will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Fahy2019e,
title = {Mobile Privacy and Business-to-Platform Dependencies: An Analysis of SEC Disclosures},
author = {Fahy, R. and van Hoboken, J. and van Eijk, N.},
url = {https://digitalcommons.law.umaryland.edu/jbtl/vol14/iss1/4/},
year = {2019},
date = {2019-02-06},
journal = {Journal of Business & Technology Law },
volume = {14},
number = {1},
abstract = {This Article systematically examines the dependence of mobile apps on mobile platforms for the collection and use of personal information through an analysis of Securities and Exchange Commission (SEC) filings of mobile app companies. The Article uses these disclosures to find systematic evidence of how app business models are shaped by the governance of user data by mobile platforms, in order to reflect on the role of platforms in privacy regulation more generally. The analysis of SEC filings documented in the Article produces new and unique insights into the data practices and data-related aspects of the business models of popular mobile apps and shows the value of SEC filings for privacy law and policy research more generally. The discussion of SEC filings and privacy builds on regulatory developments in SEC disclosures and cybersecurity of the last decade. The Article also connects to recent regulatory developments in the U.S. and Europe, including the General Data Protection Regulation, the proposals for a new ePrivacy Regulation and a Regulation of fairness in business-to-platform relations.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@inbook{Oostveen2018,
title = {The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right?},
author = {Oostveen, M. and Irion, K.},
url = {https://link.springer.com/chapter/10.1007/978-3-662-57646-5_2},
year = {2018},
date = {2018-11-20},
publisher = {In: Bakhoum M., Conde Gallego B., Mackenrodt MO., Surblyt\.{e}-Namavi\v{c}ien\.{e} G. (eds) Personal Data in Competition, Consumer Protection and Intellectual Property Law. MPI Studies on Intellectual Property and Competition Law, vol 28. Springer, Berlin, Heidelberg},
abstract = {New technologies, purposes and applications to process individuals’ personal data are being developed on a massive scale. But we have not only entered the ‘golden age of personal data’ in terms of its exploitation: ours is also the ‘golden age of personal data’ in terms of regulation of its use. Understood as an enabling right, the architecture of EU data protection law is capable of protecting against many of the negative short- and long-term effects of contemporary data processing. Against the backdrop of big data applications, we evaluate how the implementation of privacy and data protection rules protect against the short- and long-term effects of contemporary data processing. We conclude that from the perspective of protecting individual fundamental rights and freedoms, it would be worthwhile to explore alternative (legal) approaches instead of relying on EU data protection law alone to cope with contemporary data processing.},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}

@inbook{Irion2018c,
title = {The right to protection of personal data: the new posterchild of European Union citizenship?},
author = {Irion, K. and Granger, M.-P.},
url = {https://www.ivir.nl/publicaties/download/The-right-to-protection-of-personal-data-prepub.pdf},
doi = {10.4337/9781788113441.00019},
year = {2018},
date = {2018-10-31},
publisher = {Edward Elgar Publishing},
abstract = {In this chapter we argue that the right to data protection is the posterchild of EU citizenship in the digital era. We start by providing a brief overview of the gradual construction of the right to personal data protection in the EU. We then identify a range of actors who have played a particular role in the building process, including EU citizens themselves. Next, we review the current legal ‘architecture’ of the right to the protection of personal data and discuss whether it could serve as a model for the future development of EU citizenship, notwithstanding remaining challenges at the level of national implementation and public and private compliance with EU rules. Finally, we reflect on the future of the right to data protection, and its contribution to the development of EU citizenship as a legal regime.},
note = {See also: https://www.elgaronline.com/view/edcoll/9781788113434/9781788113434.xml},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}

@article{vanDaalen2018b,
title = {Het privacy-argument tegen de Dopamine Machine},
author = {van Daalen, O.},
url = {https://www.ivir.nl/publicaties/download/PrivacyInformatie_2018_2.pdf},
year = {2018},
date = {2018-10-12},
journal = {Privacy & Informatierecht},
volume = {2018},
number = {2},
pages = {39-41},
abstract = {De kinderen van Apple-baas Steve Jobs mochten geen iPad gebruiken. 1 Maar Jobs was niet de enige. Veel techies in Silicon Valley zijn zich bewust van de verslavende effecten van IT \textendash ze hebben de producten namelijk zelf ontwikkeld. En nu steeds meer spijtoptanten oproepen tot regulering van onlinediensten zoals Facebook, vraag ik me af: welke rol kan het privacyrecht daarbij spelen?},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{Dommering2018j,
title = {Annotatie bij Hof van Justitie EU 20 december 2017 (Nowak / Data Protection Commissioner)},
author = {Dommering, E.},
url = {https://www.ivir.nl/publicaties/download/Annotatie_NJ_2018_314.pdf},
year = {2018},
date = {2018-09-13},
journal = {Nederlandse Jurisprudentie},
volume = {2018},
number = {314},
pages = {4793-4795},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@inbook{Sax2018b,
title = {Privacy from an Ethical Perspective},
author = {Sax, M.},
editor = {van der Sloot, B. and De Groot, A.},
url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3299047},
isbn = {9789462988095},
year = {2018},
date = {2018-08-31},
booktitle = {The Handbook of Privacy Studies: An Interdisciplinary Introduction},
pages = {143-172},
publisher = {Amsterdam University Press},
chapter = {3},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}

@online{vanEijk2018i,
title = {How Should Facebook and Other Companies Protect Privacy While Letting People Share Their Information Between Apps and Services?},
author = {van Eijk, N.},
url = {https://newsroom.fb.com/news/2018/08/guest-post-nico-van-eijk/},
year = {2018},
date = {2018-08-07},
urldate = {2018-08-06},
abstract = {Blogpost part of a series on data portability and interoperability.},
keywords = {},
pubstate = {published},
tppubtype = {online}
}

@article{Arnbak2018h,
title = {Maatschappelijk belang onderbelicht in nieuwe Europese privacyregels},
author = {Arnbak, A.},
url = {https://axelarnbak.nl/2018/06/18/49e-fd-column-maatschappelijk-belang-onderbelicht-in-nieuwe-europese-privacyregels/},
year = {2018},
date = {2018-06-14},
journal = {Het Financieele Dagblad},
volume = {2018},
keywords = {},
pubstate = {published},
tppubtype = {article}
}

@article{vanEijk2018g,
title = {'Laat u niet opjagen door privacyophef'},
author = {van Eijk, N.},
url = {https://www.ivir.nl/publicaties/download/Opinie_Het_Parool_17mei2018.pdf},
year = {2018},
date = {2018-05-18},
abstract = {Alle opwinding over de nieuwe Europese privacyregels komt volgens Nico van Eijk neer op stemmingmakerij. Op 25 mei ziet hij bar weinig veranderen.},
note = {Opinie in Het Parool, 17 mei 2018.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}