Privacy
van Daalen, O.
The right to encryption: Privacy as preventing unlawful access Journal Article
In: Computer Law & Security Review, vol. 49, 2023.
@article{nokey,
title = {The right to encryption: Privacy as preventing unlawful access},
author = {van Daalen, O.},
url = {https://www.sciencedirect.com/science/article/pii/S0267364923000146},
doi = {10.1016/j.clsr.2023.105804},
year = {2023},
date = {2023-05-23},
journal = {Computer Law \& Security Review},
volume = {49},
abstract = {Encryption technologies are a fundamental building block of modern digital infrastructure, but plans to curb these technologies continue to spring up. Even in the European Union, where their application is by now firmly embedded in legislation, lawmakers are again calling for measures which would impact these technologies. One of the most important arguments in this debate are human rights, most notably the rights to privacy and to freedom of expression. And although some authors have in the past explored how encryption technologies support human rights, this connection is not yet firmly grounded in an analysis of European human rights case law. This contribution aims to fill this gap, developing a framework for assessing restrictions of encryption technologies under the rights to privacy and freedom of expression as protected under the European Convention of Human Rights (the Convention) and the Charter of Fundamental rights in the European Union (the Charter). In the first section, the relevant function of encryption technologies, restricting access to information (called confidentiality), is discussed. In the second section, an overview of some governmental policies and practices impacting these technologies is provided. This continues with a discussion of the case law on the rights to privacy, data protection and freedom of expression, arguing that these rights are not only about ensuring lawful access by governments to protected information, but also about preventing unlawful access by others. And because encryption technologies are an important technology to reduce the risk of this unlawful access, it is then proposed that this risk is central to the assessment of governance measures in the field of encryption technologies. The article concludes by recommending that states perform an in-depth assessement of this when proposing new measures, and that courts when reviewing them also place the risk of unlawful access central to the analysis of interference and proportionality.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Encryption technologies are a fundamental building block of modern digital infrastructure, but plans to curb these technologies continue to spring up. Even in the European Union, where their application is by now firmly embedded in legislation, lawmakers are again calling for measures which would impact these technologies. One of the most important arguments in this debate are human rights, most notably the rights to privacy and to freedom of expression. And although some authors have in the past explored how encryption technologies support human rights, this connection is not yet firmly grounded in an analysis of European human rights case law. This contribution aims to fill this gap, developing a framework for assessing restrictions of encryption technologies under the rights to privacy and freedom of expression as protected under the European Convention of Human Rights (the Convention) and the Charter of Fundamental rights in the European Union (the Charter). In the first section, the relevant function of encryption technologies, restricting access to information (called confidentiality), is discussed. In the second section, an overview of some governmental policies and practices impacting these technologies is provided. This continues with a discussion of the case law on the rights to privacy, data protection and freedom of expression, arguing that these rights are not only about ensuring lawful access by governments to protected information, but also about preventing unlawful access by others. And because encryption technologies are an important technology to reduce the risk of this unlawful access, it is then proposed that this risk is central to the assessment of governance measures in the field of encryption technologies. The article concludes by recommending that states perform an in-depth assessement of this when proposing new measures, and that courts when reviewing them also place the risk of unlawful access central to the analysis of interference and proportionality.
van Daalen, O.
Fundamental rights assessment of the framework for detection orders under the CSAM proposal Technical Report
2023.
@techreport{nokey,
title = {Fundamental rights assessment of the framework for detection orders under the CSAM proposal},
author = {van Daalen, O.},
url = {https://www.ivir.nl/csamreport/},
year = {2023},
date = {2023-04-22},
keywords = {},
pubstate = {published},
tppubtype = {techreport}
}
Dobber, T.; Kruikemeier, S.; Helberger, N.; Goodman, E.
Shielding citizens? Understanding the impact of political advertisement transparency information Journal Article
In: New Media & Society, 2023.
@article{nokey,
title = {Shielding citizens? Understanding the impact of political advertisement transparency information},
author = {Dobber, T. and Kruikemeier, S. and Helberger, N. and Goodman, E.},
doi = {10.1177/14614448231157640},
year = {2023},
date = {2023-04-21},
journal = {New Media \& Society},
abstract = {Online targeted advertising leverages an information asymmetry between the advertiser and the recipient. Policymakers in the European Union and the United States aim to decrease this asymmetry by requiring information transparency information alongside political advertisements, in the hope of activating citizens’ persuasion knowledge. However, the proposed regulations all present different directions with regard to the required content of transparency information. Consequently, not all proposed interventions will be (equally) effective. Moreover, there is a chance that transparent information has additional consequences, such as increasing privacy concerns or decreasing advertising effectiveness. Using an online experiment (N = 1331), this study addresses these challenges and finds that two regulatory interventions (DSA and HAA) increase persuasion knowledge, while the chance of raising privacy concerns or lowering advertisement effectiveness is present but slim. Results suggest transparency information interventions have some promise, but at the same time underline the limitations of user-facing transparency interventions.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Online targeted advertising leverages an information asymmetry between the advertiser and the recipient. Policymakers in the European Union and the United States aim to decrease this asymmetry by requiring information transparency information alongside political advertisements, in the hope of activating citizens’ persuasion knowledge. However, the proposed regulations all present different directions with regard to the required content of transparency information. Consequently, not all proposed interventions will be (equally) effective. Moreover, there is a chance that transparent information has additional consequences, such as increasing privacy concerns or decreasing advertising effectiveness. Using an online experiment (N = 1331), this study addresses these challenges and finds that two regulatory interventions (DSA and HAA) increase persuasion knowledge, while the chance of raising privacy concerns or lowering advertisement effectiveness is present but slim. Results suggest transparency information interventions have some promise, but at the same time underline the limitations of user-facing transparency interventions.
Irion, K.; Kaminski, M.; Yakovleva, S.
Privacy Peg, Trade Hole: Why We (Still) Shouldn’t Put Data Privacy in Trade Law Online
2023, visited: 28.03.2023.
@online{Irion2023,
title = {Privacy Peg, Trade Hole: Why We (Still) Shouldn’t Put Data Privacy in Trade Law},
author = {Irion, K. and Kaminski, M. and Yakovleva, S.},
url = {https://lawreviewblog.uchicago.edu/2023/03/27/irion-kaminski-yakovleva/},
year = {2023},
date = {2023-03-28},
urldate = {2023-03-28},
abstract = {A Response to Profs. Anupam Chander \& Paul Schwartz’s Privacy and/or Trade.
Some principles are not well suited for negotiation through the international trade regime. Or rather, the international trade regime has never been the right forum for negotiating or enforcing human rights. The World Trade Organization’s (WTO’s) current approach to data privacy law both instantiates and illustrates this: it brackets data privacy as something trade law cannot well address, while illustrating the ways in which trade law superimposes its prioritization of trade liberalization atop other public values. Trade’s core framing prioritizes economic over human rights values. Beyond ensuring non-discriminatory treatment, trade law remains, in our view, the wrong place for both defining and enforcing rules on cross-border flows of personal data. Thus, while we welcome with open arms the thoughtful attention Professors Anupam Chander and Paul Schwartz pay to the current transnational struggle over data flows and digital trade, we cannot join in their optimism that trade law is the right forum for arbitrating it. },
howpublished = {University of Chicago Law Review Online, 27 March 2023},
keywords = {},
pubstate = {published},
tppubtype = {online}
}
A Response to Profs. Anupam Chander & Paul Schwartz’s Privacy and/or Trade.
Some principles are not well suited for negotiation through the international trade regime. Or rather, the international trade regime has never been the right forum for negotiating or enforcing human rights. The World Trade Organization’s (WTO’s) current approach to data privacy law both instantiates and illustrates this: it brackets data privacy as something trade law cannot well address, while illustrating the ways in which trade law superimposes its prioritization of trade liberalization atop other public values. Trade’s core framing prioritizes economic over human rights values. Beyond ensuring non-discriminatory treatment, trade law remains, in our view, the wrong place for both defining and enforcing rules on cross-border flows of personal data. Thus, while we welcome with open arms the thoughtful attention Professors Anupam Chander and Paul Schwartz pay to the current transnational struggle over data flows and digital trade, we cannot join in their optimism that trade law is the right forum for arbitrating it.
Dommering, E.
Annotatie Hoge Raad 3 december 2021 (Hoist Finance AB) Journal Article
In: Nederlandse Jurisprudentie, iss. 37/38/39, no. 258, pp. 4640-4642, 2022.
@article{nokey,
title = {Annotatie Hoge Raad 3 december 2021 (Hoist Finance AB)},
author = {Dommering, E.},
url = {https://www.ivir.nl/annotatie_nj_2022_258/},
year = {2022},
date = {2022-11-28},
journal = {Nederlandse Jurisprudentie},
number = {258},
issue = {37/38/39},
pages = {4640-4642},
abstract = {Prejudici\"{e}le beslissing op voet art. 392 Rv. Algemene verordening gegevensbescherming (AVG). Rechtsgrond verwerking persoonsgegevens in kredietregistratiestelsel BKR; recht op gegevenswissing; recht op bezwaar.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Prejudiciële beslissing op voet art. 392 Rv. Algemene verordening gegevensbescherming (AVG). Rechtsgrond verwerking persoonsgegevens in kredietregistratiestelsel BKR; recht op gegevenswissing; recht op bezwaar.
Dommering, E.
Annotatie bij Hoge Raad 25 februari 2022 (Google) Journal Article
In: Nederlandse Jurisprudentie, iss. 37/38/39, no. 259, pp. 4708-4709, 2022.
@article{nokey,
title = {Annotatie bij Hoge Raad 25 februari 2022 (Google)},
author = {Dommering, E.},
url = {https://www.ivir.nl/annotatie_nj_2022_259/},
year = {2022},
date = {2022-11-28},
journal = {Nederlandse Jurisprudentie},
number = {259},
issue = {37/38/39},
pages = {4708-4709},
abstract = {Privacyrecht. Algemene Verordening Gegevensbescherming (AVG); verzoek verwijdering zoekresultaten; gevoelige persoonsgegevens (art. 10 AVG); maatstaf. Proceskosten in AVG-zaken; doeltreffende voorziening (art. 79 AVG en art. 47
Handvest Grondrechten EU).},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Privacyrecht. Algemene Verordening Gegevensbescherming (AVG); verzoek verwijdering zoekresultaten; gevoelige persoonsgegevens (art. 10 AVG); maatstaf. Proceskosten in AVG-zaken; doeltreffende voorziening (art. 79 AVG en art. 47
Handvest Grondrechten EU).
Handvest Grondrechten EU).
Giannopoulou, A.
Allocating Control in Decentralised Identity Management Journal Article
In: European Review of Digital Administration & Law - Erdal, vol. 2021, iss. 2, pp. 75-87, 2022.
@article{nokey,
title = {Allocating Control in Decentralised Identity Management},
author = {Giannopoulou, A.},
url = {https://www.ivir.nl/erdal_2021_2/},
doi = {10.53136/97912599475299},
year = {2022},
date = {2022-07-21},
urldate = {2022-07-21},
journal = {European Review of Digital Administration \& Law - Erdal},
volume = {2021},
issue = {2},
pages = {75-87},
abstract = {Creating legal identity in the digital space involves the challenging task of addressing the datarelated responsibilities and obligations for data governance and data protection (by design and by default) to name a few. Substantially, it also requires the datafication of legal identity which means transposing all its properties and foundational traits inits corresponding data expressions and relations. As (digital) legal identity evolves from the fringes of purely technology-related challenges towards the legal and socio-technical, state institutions \textendashsovereignly responsible for delivering digital legal identities to citizens\textendash are acknowledging the polyvalent, non-monolithic, and relational characters of identitiesand they explore appropriate architectures. This paper sets out to explore the institutional turn towards decentralized digital identities. The claims surrounding these digital identities raise high hopes for the cross border digital identity provisioning being data protection and privacy compliant, technologically secure, and user-centric. This paper attempts to explore how the relevant accountable actors \textendashas recognized through the data protection normative framework\textendash are formed around the technological identity infrastructure.We highlight and examine the conflict between the European proposals on the provision of digital identity infrastructures through decentralized architectures and the concepts of data controllership in the GDPR.
},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Creating legal identity in the digital space involves the challenging task of addressing the datarelated responsibilities and obligations for data governance and data protection (by design and by default) to name a few. Substantially, it also requires the datafication of legal identity which means transposing all its properties and foundational traits inits corresponding data expressions and relations. As (digital) legal identity evolves from the fringes of purely technology-related challenges towards the legal and socio-technical, state institutions –sovereignly responsible for delivering digital legal identities to citizens– are acknowledging the polyvalent, non-monolithic, and relational characters of identitiesand they explore appropriate architectures. This paper sets out to explore the institutional turn towards decentralized digital identities. The claims surrounding these digital identities raise high hopes for the cross border digital identity provisioning being data protection and privacy compliant, technologically secure, and user-centric. This paper attempts to explore how the relevant accountable actors –as recognized through the data protection normative framework– are formed around the technological identity infrastructure.We highlight and examine the conflict between the European proposals on the provision of digital identity infrastructures through decentralized architectures and the concepts of data controllership in the GDPR.
Mil, J. van; Quintais, J.
A Matter of (Joint) control? Virtual assistants and the general data protection regulation Journal Article
In: Computer Law & Security Review, vol. 45, 2022.
@article{nokey,
title = {A Matter of (Joint) control? Virtual assistants and the general data protection regulation},
author = {Mil, J. van and Quintais, J.},
doi = {https://doi.org/10.1016/j.clsr.2022.105689},
year = {2022},
date = {2022-06-16},
journal = {Computer Law \& Security Review},
volume = {45},
abstract = {This article provides an overview and critical examination of the rules for determining who qualifies as controller or joint controller under the General Data Protection Regulation. Using Google Assistant \textendash an artificial intelligence-driven virtual assistant \textendash as a case study, we argue that these rules are overreaching and difficult to apply in the present-day information society and Internet of Things environments. First, as a consequence of recent developments in case law and supervisory guidance, these rules lead to a complex and ambiguous test to determine (joint) control. Second, due to advances in technological applications and business models, it is increasingly challenging to apply such rules to contemporary processing operations. In particular, as illustrated by the Google Assistant, individuals will likely be qualified as joint controllers, together with Google and also third-party developers, for at least the collection and possible transmission of other individuals’ personal data via the virtual assistant. Third, we identify follow-on issues relating to the apportionment of responsibilities between joint controllers and the effective and complete protection of data subjects. We conclude by questioning whether the framework for determining who qualifies as controller or joint controller is future-proof and normatively desirable.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This article provides an overview and critical examination of the rules for determining who qualifies as controller or joint controller under the General Data Protection Regulation. Using Google Assistant – an artificial intelligence-driven virtual assistant – as a case study, we argue that these rules are overreaching and difficult to apply in the present-day information society and Internet of Things environments. First, as a consequence of recent developments in case law and supervisory guidance, these rules lead to a complex and ambiguous test to determine (joint) control. Second, due to advances in technological applications and business models, it is increasingly challenging to apply such rules to contemporary processing operations. In particular, as illustrated by the Google Assistant, individuals will likely be qualified as joint controllers, together with Google and also third-party developers, for at least the collection and possible transmission of other individuals’ personal data via the virtual assistant. Third, we identify follow-on issues relating to the apportionment of responsibilities between joint controllers and the effective and complete protection of data subjects. We conclude by questioning whether the framework for determining who qualifies as controller or joint controller is future-proof and normatively desirable.
Janssen, H.; Seng Ah Lee, M.; Singh, J.; Cobbe, J.
Defining the scope of AI ADM system risk assessment Book Chapter
In: Research handbook on EU data protection law, E. Kosta, R. Leenes & I. Kamara (ed.), Chapter 16, pp. 405-434, Edgar Elgar Publishing, 2022.
@inbook{nokey,
title = {Defining the scope of AI ADM system risk assessment},
author = {Janssen, H. and Seng Ah Lee, M. and Singh, J. and Cobbe, J.},
year = {2022},
date = {2022-06-16},
booktitle = {Research handbook on EU data protection law, E. Kosta, R. Leenes \& I. Kamara (ed.)},
pages = {405-434},
publisher = {Edgar Elgar Publishing},
chapter = {16},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}
Dommering, E.
Naar een algemeen transparantiebeginsel? : Bespreking van het preadvies van A.W.G.J. Buijze voor de VAR 2022 Journal Article
In: Nederlands Tijdschrift voor Bestuursrecht, iss. 5, no. 141, pp. 265-271, 2022.
@article{nokey,
title = {Naar een algemeen transparantiebeginsel? : Bespreking van het preadvies van A.W.G.J. Buijze voor de VAR 2022},
author = {Dommering, E.},
url = {https://www.ivir.nl/ntb_2022_5_141/},
year = {2022},
date = {2022-06-07},
urldate = {2022-06-07},
journal = {Nederlands Tijdschrift voor Bestuursrecht},
number = {141},
issue = {5},
pages = {265-271},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Alberdingk Thijm, Chr. A.
Knock Knock Who's There? Tussenpersonen, persoonsgegevens en de kunst van het juiste evenwicht Journal Article
In: Ars Aequi, iss. april, pp. 279-288, 2022.
@article{nokey,
title = {Knock Knock Who's There? Tussenpersonen, persoonsgegevens en de kunst van het juiste evenwicht},
author = {Alberdingk Thijm, Chr. A.},
url = {https://www.ivir.nl/nl/aa_2022/},
year = {2022},
date = {2022-04-08},
journal = {Ars Aequi},
issue = {april},
pages = {279-288},
abstract = {Wat te doen als je op Twitter door een anoniem profiel voor rotte vis wordt uitgemaakt? Het Nederlandse recht biedt verschillende mogelijkheden om identificerende gegevens te verkrijgen van internettussenpersonen. Maar hoe wordt de afweging met de bescherming van de persoonsgegevens van de anonymus gemaakt? Hoe verhoudt het recht op een doeltreffende voorziening in rechte zich tot het gegevensbeschermingsrecht? Het Hof van Justitie schrijft voor dat bij botsende
fundamentele rechten het ‘juiste evenwicht’ moet worden gevonden. Dat blijkt de Nederlandse rechter nog niet zo eenvoudig te vinden, zo wordt duidelijk bij de bespreking van het Dutch FilmWorks-arrest in dit artikel.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Wat te doen als je op Twitter door een anoniem profiel voor rotte vis wordt uitgemaakt? Het Nederlandse recht biedt verschillende mogelijkheden om identificerende gegevens te verkrijgen van internettussenpersonen. Maar hoe wordt de afweging met de bescherming van de persoonsgegevens van de anonymus gemaakt? Hoe verhoudt het recht op een doeltreffende voorziening in rechte zich tot het gegevensbeschermingsrecht? Het Hof van Justitie schrijft voor dat bij botsende
fundamentele rechten het ‘juiste evenwicht’ moet worden gevonden. Dat blijkt de Nederlandse rechter nog niet zo eenvoudig te vinden, zo wordt duidelijk bij de bespreking van het Dutch FilmWorks-arrest in dit artikel.
fundamentele rechten het ‘juiste evenwicht’ moet worden gevonden. Dat blijkt de Nederlandse rechter nog niet zo eenvoudig te vinden, zo wordt duidelijk bij de bespreking van het Dutch FilmWorks-arrest in dit artikel.
van Eechoud, M.; Schumacher, L.D.
Data na de dood: Zwevend tussen contract en gegevensbescherming Journal Article
In: Nederlands Juristenblad (NJB), iss. 6, no. 355, pp. 396-405, 2022.
@article{nokey,
title = {Data na de dood: Zwevend tussen contract en gegevensbescherming},
author = {van Eechoud, M. and Schumacher, L.D.},
url = {https://www.ivir.nl/publicaties/download/NJB_2022_355.pdf},
year = {2022},
date = {2022-02-14},
journal = {Nederlands Juristenblad (NJB)},
number = {355},
issue = {6},
pages = {396-405},
abstract = {Mensen zijn zich nog weinig bewust van wat de implicaties van overlijden zijn voor het digitale bezit dat ze nalaten, terwijl iedereen hier steeds meer van heeft. Opvattingen verschillen over de mate waarin erfgenamen toegang moeten krijgen; er is nog weinig bekend over (veranderende) maatschappelijke opvattingen daarover. Omdat digitale communicatie geregeerd wordt door standaardovereenkomsten met aanbieders van informatiediensten, wordt ook de positie van erfgenamen daar primair door bepaald. Tegelijkertijd hebben veel aanbieders nog geen doordacht ‘overlijdensbeleid’ en daarbij passende voorwaarden en tools. Het lijkt tijd dat de (Europese) wetgever daar wat aan gaat veranderen. Om op kortere termijn te zorgen voor meer rechtszekerheid, zou de Nederlandse wetgever in ieder geval enkele specifieke plichten en rechten uit de AVG van toepassing kunnen verklaren op de persoonsgegevens van overleden gebruikers van informatiediensten.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Mensen zijn zich nog weinig bewust van wat de implicaties van overlijden zijn voor het digitale bezit dat ze nalaten, terwijl iedereen hier steeds meer van heeft. Opvattingen verschillen over de mate waarin erfgenamen toegang moeten krijgen; er is nog weinig bekend over (veranderende) maatschappelijke opvattingen daarover. Omdat digitale communicatie geregeerd wordt door standaardovereenkomsten met aanbieders van informatiediensten, wordt ook de positie van erfgenamen daar primair door bepaald. Tegelijkertijd hebben veel aanbieders nog geen doordacht ‘overlijdensbeleid’ en daarbij passende voorwaarden en tools. Het lijkt tijd dat de (Europese) wetgever daar wat aan gaat veranderen. Om op kortere termijn te zorgen voor meer rechtszekerheid, zou de Nederlandse wetgever in ieder geval enkele specifieke plichten en rechten uit de AVG van toepassing kunnen verklaren op de persoonsgegevens van overleden gebruikers van informatiediensten.
Dommering, E.
In: Nederlandse Jurisprudentie, no. 49, pp. 6225-6237, 2021.
@article{nokey,
title = {Annotatie bij EHRM 25 mei 2021 (Big Brother Watch e.a. / Verenigd Koninkrijk) en Hof van Justitie EU 6 oktober 2020 (La Quadrature du Net e.a. / Premier ministre e.a.)},
author = {Dommering, E.},
url = {https://www.ivir.nl/publicaties/download/Annotatie_NJ_2021_362.pdf},
year = {2021},
date = {2021-12-07},
journal = {Nederlandse Jurisprudentie},
number = {49},
pages = {6225-6237},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Senftleben, M.; van Gompel, S.; Helmond, A.; Schumacher, L.D.; Ausloos, J.; van Hoboken, J.; Quintais, J.
Webharvesting Technical Report
2021, (Onderzoek in opdracht van het Wetenschappelijk Onderzoek- en Documentatiecentrum (WODC), 20 september 2021, WODC rapport 3142.).
@techreport{nokey,
title = {Webharvesting},
author = {Senftleben, M. and van Gompel, S. and Helmond, A. and Schumacher, L.D. and Ausloos, J. and van Hoboken, J. and Quintais, J.},
url = {https://www.ivir.nl/publicaties/download/Webharvesting_WODC.pdf},
year = {2021},
date = {2021-11-25},
urldate = {2021-11-25},
abstract = {Aan het volgende onderzoeksrapport ligt de doelstelling ten grondslag om te inventariseren wat juridisch, beleidsmatig en technisch nodig is om webharvesting mogelijk te maken, onder meer in de vorm van een zogenaamde nationale “domeincrawl”: het systematische kopi\"{e}ren en archiveren van webpagina’s die een afspiegeling vormen van de Nederlandse sociale, culturele, economische, juridische, politieke en wetenschappelijke geschiedenis online.},
note = {Onderzoek in opdracht van het Wetenschappelijk Onderzoek- en Documentatiecentrum (WODC), 20 september 2021, WODC rapport 3142.},
keywords = {},
pubstate = {published},
tppubtype = {techreport}
}
Aan het volgende onderzoeksrapport ligt de doelstelling ten grondslag om te inventariseren wat juridisch, beleidsmatig en technisch nodig is om webharvesting mogelijk te maken, onder meer in de vorm van een zogenaamde nationale “domeincrawl”: het systematische kopiëren en archiveren van webpagina’s die een afspiegeling vormen van de Nederlandse sociale, culturele, economische, juridische, politieke en wetenschappelijke geschiedenis online.
Irion, K.; Es, R. van; Meeren, K. van der; Dijkman, D.
Evaluatie PNR Wet Technical Report
2021, (WODC Rapport 3181, geschreven door K. Irion, R. van Es (IViR), K. van der Meeren & D. Dijkman (It's Public), november 2021).
@techreport{nokey,
title = {Evaluatie PNR Wet},
author = {Irion, K. and Es, R. van and Meeren, K. van der and Dijkman, D.},
url = {https://www.ivir.nl/publicaties/download/evaluatie-pnr-wet-1.pdf
https://repository.wodc.nl/handle/20.500.12832/3118},
year = {2021},
date = {2021-11-11},
abstract = {Op 18 juni 2019 is de Wet gebruik van passagiersgegevens voor de bestrijding van terroristische en ernstige misdrijven (PNR-wet) in werking getreden. Deze wet verplicht de luchtvaartmaatschappijen om passagiersgegevens van elke vlucht die in Nederland vertrekt of aankomt te verstrekken aan de Passagiersinformatie-eenheid Nederland (Pi-NL). De Pi-NL mag krachtens deze wet verzamelde passagiersgegevens uitsluitend verwerken voor het voorkomen, opsporen, onderzoeken en vervolgen van terroristische misdrijven en ernstige criminaliteit. Met de aanname van de PNR-wet voldoet de Nederlandse wetgever aan zijn plicht om de EU-richtlijn 2016/681 (PNR-richtlijn) te implementeren. Dit onderzoek vervult de verplichting uit artikel 25 van de PNR-wet dat twee jaar na de inwerkingtreding van de wet een evaluatie dient plaats te vinden van de doeltreffendheid en de effecten van deze wet in de praktijk. Deze evaluatie is ook gericht op de naleving van de privacywaarborgen en op de verwerking van passagiersgegevens van intra-EU-vluchten. De periode waarop deze evaluatie betrekking heeft, loopt van de inwerkingtreding van de wet op 18 juni 2019 tot 5 juli 2021},
note = {WODC Rapport 3181, geschreven door K. Irion, R. van Es (IViR), K. van der Meeren \& D. Dijkman (It's Public), november 2021},
keywords = {},
pubstate = {published},
tppubtype = {techreport}
}
Op 18 juni 2019 is de Wet gebruik van passagiersgegevens voor de bestrijding van terroristische en ernstige misdrijven (PNR-wet) in werking getreden. Deze wet verplicht de luchtvaartmaatschappijen om passagiersgegevens van elke vlucht die in Nederland vertrekt of aankomt te verstrekken aan de Passagiersinformatie-eenheid Nederland (Pi-NL). De Pi-NL mag krachtens deze wet verzamelde passagiersgegevens uitsluitend verwerken voor het voorkomen, opsporen, onderzoeken en vervolgen van terroristische misdrijven en ernstige criminaliteit. Met de aanname van de PNR-wet voldoet de Nederlandse wetgever aan zijn plicht om de EU-richtlijn 2016/681 (PNR-richtlijn) te implementeren. Dit onderzoek vervult de verplichting uit artikel 25 van de PNR-wet dat twee jaar na de inwerkingtreding van de wet een evaluatie dient plaats te vinden van de doeltreffendheid en de effecten van deze wet in de praktijk. Deze evaluatie is ook gericht op de naleving van de privacywaarborgen en op de verwerking van passagiersgegevens van intra-EU-vluchten. De periode waarop deze evaluatie betrekking heeft, loopt van de inwerkingtreding van de wet op 18 juni 2019 tot 5 juli 2021
Janssen, H.
Persoonlijke PIMS: privacyfort of luchtkasteel? Journal Article
In: Privacy & Informatie, no. 5, pp. 214-225, 2021.
@article{Janssen2021c,
title = {Persoonlijke PIMS: privacyfort of luchtkasteel?},
author = {Janssen, H.},
year = {2021},
date = {2021-10-28},
journal = {Privacy \& Informatie},
number = {5},
pages = {214-225},
abstract = {Persoonsgegevens worden thans veelal op ondoorzichtige wijze, buiten de controle van de betrokkenen verwerkt. Persoonlijke informatiebeheersystemen (PIMS) willen betrokkenen technologische toepassingen aanreiken, die hun meer controle geven over de verwerking van hun persoonsgegevens. PIMS presenteren zich als alternatief voor de huidige, ‘gecentraliseerde’ wijze van gegevensverwerking, waarbij (grote) organisaties persoonsgegevens op meestal ondoorzichtige wijze verzamelen, analyseren en doorgeven aan derden. PIMS bieden betrokkenen technische instrumenten waarmee zij zelf kunnen controleren en bepalen wanneer en aan wie zijn hun gegevens overdragen, en/of analyses over hun gegevens kunnen laten uitvoeren. Hoewel argumenten voor deze ‘decentralisatie’
aantrekkelijk klinken, rijzen vragen over de mate waarin PIMS de problemen met de huidige gegevensverwerking effectief kunnen bestrijden. In dit artikel ligt de focus bij de vraag in hoeverre deze PIMS de machtsongelijkheid tussen betrokkenen en grote organisaties daadwerkelijk kunnen bestrijden, die als gevolg van de huidige gegevensverwerkingspraktijk zijn ontstaan. PIMS kunnen enig inzicht in en controle over gegevensverwerking bieden, maar desondanks zal de machtsongelijkheid grotendeels blijven voortbestaan.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Persoonsgegevens worden thans veelal op ondoorzichtige wijze, buiten de controle van de betrokkenen verwerkt. Persoonlijke informatiebeheersystemen (PIMS) willen betrokkenen technologische toepassingen aanreiken, die hun meer controle geven over de verwerking van hun persoonsgegevens. PIMS presenteren zich als alternatief voor de huidige, ‘gecentraliseerde’ wijze van gegevensverwerking, waarbij (grote) organisaties persoonsgegevens op meestal ondoorzichtige wijze verzamelen, analyseren en doorgeven aan derden. PIMS bieden betrokkenen technische instrumenten waarmee zij zelf kunnen controleren en bepalen wanneer en aan wie zijn hun gegevens overdragen, en/of analyses over hun gegevens kunnen laten uitvoeren. Hoewel argumenten voor deze ‘decentralisatie’
aantrekkelijk klinken, rijzen vragen over de mate waarin PIMS de problemen met de huidige gegevensverwerking effectief kunnen bestrijden. In dit artikel ligt de focus bij de vraag in hoeverre deze PIMS de machtsongelijkheid tussen betrokkenen en grote organisaties daadwerkelijk kunnen bestrijden, die als gevolg van de huidige gegevensverwerkingspraktijk zijn ontstaan. PIMS kunnen enig inzicht in en controle over gegevensverwerking bieden, maar desondanks zal de machtsongelijkheid grotendeels blijven voortbestaan.
aantrekkelijk klinken, rijzen vragen over de mate waarin PIMS de problemen met de huidige gegevensverwerking effectief kunnen bestrijden. In dit artikel ligt de focus bij de vraag in hoeverre deze PIMS de machtsongelijkheid tussen betrokkenen en grote organisaties daadwerkelijk kunnen bestrijden, die als gevolg van de huidige gegevensverwerkingspraktijk zijn ontstaan. PIMS kunnen enig inzicht in en controle over gegevensverwerking bieden, maar desondanks zal de machtsongelijkheid grotendeels blijven voortbestaan.
Giannopoulou, A.
Putting Data Protection by Design on the Blockchain Journal Article
In: European Data Protection Law Review, vol. 7, no. 3, pp. 388-399, 2021.
@article{Giannopoulou2021,
title = {Putting Data Protection by Design on the Blockchain},
author = {Giannopoulou, A.},
doi = {10.21552/edpl/2021/3/7},
year = {2021},
date = {2021-10-22},
urldate = {2021-10-22},
journal = {European Data Protection Law Review},
volume = {7},
number = {3},
pages = {388-399},
abstract = {The principle of data protection by design, as it is enshrined in article 25 of the GDPR, is difficult to apply in blockchains. This article will assess how the reliance on asymmetric encryption and other privacy enhancing technological architectures -necessary in a blockchain-based system- approach both user control and data protection by design compliance from the single scope of anonymization and unlinkability. Data subjects’ rights, accountability, and the potential shortcomings of applied technological constraints are thus sidelined. Ultimately, this limited understanding of technological privacy, acts as a misguiding set of principles for technological co-regulation through standardisation in blockchains. The standardization of these choices without a holistic analysis of data protection by design imperatives could ultimately weaken the position of data subjects, whose trust in the technological protections of personal data might prove to be relatively misplaced.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The principle of data protection by design, as it is enshrined in article 25 of the GDPR, is difficult to apply in blockchains. This article will assess how the reliance on asymmetric encryption and other privacy enhancing technological architectures -necessary in a blockchain-based system- approach both user control and data protection by design compliance from the single scope of anonymization and unlinkability. Data subjects’ rights, accountability, and the potential shortcomings of applied technological constraints are thus sidelined. Ultimately, this limited understanding of technological privacy, acts as a misguiding set of principles for technological co-regulation through standardisation in blockchains. The standardization of these choices without a holistic analysis of data protection by design imperatives could ultimately weaken the position of data subjects, whose trust in the technological protections of personal data might prove to be relatively misplaced.
van Eechoud, M.; Ausloos, J.; Loos, M.; Mak, C.; Reinhartz, B.; Schumacher, L.D.; Pol, L.
Data na de dood - juridische aspecten van digitale nalatenschappen Technical Report
2021, (Onderzoek in opdracht van het Ministerie van Binnenlandse Zaken en Koninkrijksrelaties, April 2021, Bijlage bij Kamerstuk 2020-2021, 30696 nr. 52.
Auteurs: M.M.M. van Eechoud, J. Ausloos, M. Loos, C. Mak, B. Reinhartz, L. Schumacher & L. Pol.).
@techreport{vanEechoud2021bb,
title = {Data na de dood - juridische aspecten van digitale nalatenschappen},
author = {van Eechoud, M. and Ausloos, J. and Loos, M. and Mak, C. and Reinhartz, B. and Schumacher, L.D. and Pol, L. },
url = {https://www.ivir.nl/publicaties/download/Data-na-de-dood.pdf
https://www.ivir.nl/publicaties/download/Datanadedood_summary.pdf
https://www.sectorplandls.nl/wordpress/news/data-after-death-legal-aspects-of-digital-inheritances/},
year = {2021},
date = {2021-07-08},
urldate = {2021-07-08},
abstract = {Jaarlijks overlijden ruim 150.000 mensen en worden er dus ook ongeveer evenveel nalatenschappen afgewikkeld. Vrijwel zonder uitzondering laten overledenen digitale ‘bezittingen’ achter, zoals sociale media-accounts, e-mails, documenten opgeslagen in de cloud en (gebruiksrechten op) allerlei media en entertainment. De vraag is of het huidige Nederlandse wettelijk kader voldoende handvatten biedt om de bij afwikkeling van digitale nalatenschappen gemoeide private en publieke belangen te behartigen. De centrale onderzoeksvraag van deze studie is: Welke eventuele aanpassingen van het Nederlandse wettelijke kader zijn wenselijk met het oog op de adequate bescherming van private en publieke belangen gemoeid met het regelen en afwikkelen van digitale nalatenschappen?
Voor de beantwoording van deze vraag is om te beginnen een analyse gedaan van het beleid van aanbieders van veelgebruikte informatiediensten rond overlijden, en van de relevante voorwaarden die zij hanteren. Bronnen voor de analyse zijn gebruikersovereenkomsten, algemene voorwaarden, privacy policies en andere (openbare) documenten zoals FAQ’s. Informatiediensten aanbieders zijn onderscheiden in digitale mediadiensten (commercieel aanbod zoals streaming video of -muziek), communicatiediensten (waaronder sociale media en berichtendiensten) en ICT-diensten (o.a. cloudopslag en digitale kluizen). Vervolgens is het relevante wettelijke kader beschreven en zijn onduidelijkheden daarin ge\"{i}dentificeerd. Naast het erfrecht, betreft dit het overeenkomstenrecht en dan in het bijzonder consumentenrecht, intellectuele eigendomsrechten (met name auteursrecht), persoonlijkheidsrechten en gegevensbeschermingsrecht (Algemene Verordening Gegevensbescherming). Ook het algemene vermogensrecht is van belang, voor zover betrekking hebbend op de vraag welk digitaal ‘bezit’ in de nalatenschap valt. Tot slot is met het oog op het formuleren van oplossingsrichtingen, naar een selectie van wetgeving in andere landen gekeken.},
note = {Onderzoek in opdracht van het Ministerie van Binnenlandse Zaken en Koninkrijksrelaties, April 2021, Bijlage bij Kamerstuk 2020-2021, 30696 nr. 52.
Auteurs: M.M.M. van Eechoud, J. Ausloos, M. Loos, C. Mak, B. Reinhartz, L. Schumacher \& L. Pol.},
keywords = {},
pubstate = {published},
tppubtype = {techreport}
}
Jaarlijks overlijden ruim 150.000 mensen en worden er dus ook ongeveer evenveel nalatenschappen afgewikkeld. Vrijwel zonder uitzondering laten overledenen digitale ‘bezittingen’ achter, zoals sociale media-accounts, e-mails, documenten opgeslagen in de cloud en (gebruiksrechten op) allerlei media en entertainment. De vraag is of het huidige Nederlandse wettelijk kader voldoende handvatten biedt om de bij afwikkeling van digitale nalatenschappen gemoeide private en publieke belangen te behartigen. De centrale onderzoeksvraag van deze studie is: Welke eventuele aanpassingen van het Nederlandse wettelijke kader zijn wenselijk met het oog op de adequate bescherming van private en publieke belangen gemoeid met het regelen en afwikkelen van digitale nalatenschappen?
Voor de beantwoording van deze vraag is om te beginnen een analyse gedaan van het beleid van aanbieders van veelgebruikte informatiediensten rond overlijden, en van de relevante voorwaarden die zij hanteren. Bronnen voor de analyse zijn gebruikersovereenkomsten, algemene voorwaarden, privacy policies en andere (openbare) documenten zoals FAQ’s. Informatiediensten aanbieders zijn onderscheiden in digitale mediadiensten (commercieel aanbod zoals streaming video of -muziek), communicatiediensten (waaronder sociale media en berichtendiensten) en ICT-diensten (o.a. cloudopslag en digitale kluizen). Vervolgens is het relevante wettelijke kader beschreven en zijn onduidelijkheden daarin geïdentificeerd. Naast het erfrecht, betreft dit het overeenkomstenrecht en dan in het bijzonder consumentenrecht, intellectuele eigendomsrechten (met name auteursrecht), persoonlijkheidsrechten en gegevensbeschermingsrecht (Algemene Verordening Gegevensbescherming). Ook het algemene vermogensrecht is van belang, voor zover betrekking hebbend op de vraag welk digitaal ‘bezit’ in de nalatenschap valt. Tot slot is met het oog op het formuleren van oplossingsrichtingen, naar een selectie van wetgeving in andere landen gekeken.
Voor de beantwoording van deze vraag is om te beginnen een analyse gedaan van het beleid van aanbieders van veelgebruikte informatiediensten rond overlijden, en van de relevante voorwaarden die zij hanteren. Bronnen voor de analyse zijn gebruikersovereenkomsten, algemene voorwaarden, privacy policies en andere (openbare) documenten zoals FAQ’s. Informatiediensten aanbieders zijn onderscheiden in digitale mediadiensten (commercieel aanbod zoals streaming video of -muziek), communicatiediensten (waaronder sociale media en berichtendiensten) en ICT-diensten (o.a. cloudopslag en digitale kluizen). Vervolgens is het relevante wettelijke kader beschreven en zijn onduidelijkheden daarin geïdentificeerd. Naast het erfrecht, betreft dit het overeenkomstenrecht en dan in het bijzonder consumentenrecht, intellectuele eigendomsrechten (met name auteursrecht), persoonlijkheidsrechten en gegevensbeschermingsrecht (Algemene Verordening Gegevensbescherming). Ook het algemene vermogensrecht is van belang, voor zover betrekking hebbend op de vraag welk digitaal ‘bezit’ in de nalatenschap valt. Tot slot is met het oog op het formuleren van oplossingsrichtingen, naar een selectie van wetgeving in andere landen gekeken.
Sax, M.
Voorbij privacy: manipulatie is het échte probleem in gezondheidsapps Journal Article
In: Privacy & Informatie, no. 3, pp. 117-120, 2021.
@article{Sax2021b,
title = {Voorbij privacy: manipulatie is het \'{e}chte probleem in gezondheidsapps},
author = {Sax, M.},
url = {https://www.uitgeverijparis.nl/nl/reader/209785/1001582341},
year = {2021},
date = {2021-06-24},
journal = {Privacy \& Informatie},
number = {3},
pages = {117-120},
abstract = {Ze zijn enorm populair en zullen alleen nog maar populairder worden: gezondheidsapps. Er zijn populaire gezondheidsapps met tientallen tot soms honderden miljoenen gebruikers voor van alles en nog wat: dieetadviezen en calorie\"{e}ntellen (MyFitnessPal), meditatie en mindfulness (Headspace), het tracken en onderling vergelijken van sportactiviteiten (Strava), het tracken van je algehele bewegings- en gezondheidspatronen via een wearable (Fitbit), enzovoort. Hun huidige populariteit zal alleen nog maar toenemen, aangezien werkgevers en verzekeraars steeds nadrukkelijker het gebruik van gezondheidsapps aanprijzen. 1 Gezondheid is goed, meer gezondheid is beter. Geweldig toch, die alsmaar toenemende populariteit van gezondheidsapps?},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Ze zijn enorm populair en zullen alleen nog maar populairder worden: gezondheidsapps. Er zijn populaire gezondheidsapps met tientallen tot soms honderden miljoenen gebruikers voor van alles en nog wat: dieetadviezen en calorieëntellen (MyFitnessPal), meditatie en mindfulness (Headspace), het tracken en onderling vergelijken van sportactiviteiten (Strava), het tracken van je algehele bewegings- en gezondheidspatronen via een wearable (Fitbit), enzovoort. Hun huidige populariteit zal alleen nog maar toenemen, aangezien werkgevers en verzekeraars steeds nadrukkelijker het gebruik van gezondheidsapps aanprijzen. 1 Gezondheid is goed, meer gezondheid is beter. Geweldig toch, die alsmaar toenemende populariteit van gezondheidsapps?
van Hoboken, J.; Fahy, R.
Smartphone platforms as privacy regulators Journal Article
In: Computer Law & Security Review, vol. 41, 2021.
@article{vanHoboken2021b,
title = {Smartphone platforms as privacy regulators},
author = {van Hoboken, J. and Fahy, R.},
url = {https://www.ivir.nl/publicaties/download/Smartphone-platforms-as-privacy-regulators.pdf},
doi = {https://doi.org/10.1016/j.clsr.2021.105557},
year = {2021},
date = {2021-06-10},
journal = {Computer Law \& Security Review},
volume = {41},
abstract = {A series of recent developments highlight the increasingly important role of online platforms in impacting data privacy in today's digital economy. Revelations and parliamentary hearings about privacy violations in Facebook's app and service partner ecosystem, EU Court of Justice judgments on joint responsibility of platforms and platform users, and the rise of smartphone app ecosystems where app behaviour is governed by app distribution platforms and operating systems, all show that platform policies can make or break the enjoyment of privacy by users. In this article, we examine these developments and explore the question of what can and should be the role of platforms in protecting data privacy of their users.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
A series of recent developments highlight the increasingly important role of online platforms in impacting data privacy in today's digital economy. Revelations and parliamentary hearings about privacy violations in Facebook's app and service partner ecosystem, EU Court of Justice judgments on joint responsibility of platforms and platform users, and the rise of smartphone app ecosystems where app behaviour is governed by app distribution platforms and operating systems, all show that platform policies can make or break the enjoyment of privacy by users. In this article, we examine these developments and explore the question of what can and should be the role of platforms in protecting data privacy of their users.
van Hoboken, J.; Fahy, R.
Regulating Disinformation in Europe: Implications for Speech and Privacy Journal Article
In: UC Irvine Journal of International, Transnational, and Comparative Law, vol. 6, no. 1, pp. 9-36, 2021.
@article{vanHoboken2021,
title = {Regulating Disinformation in Europe: Implications for Speech and Privacy},
author = {van Hoboken, J. and Fahy, R.},
url = {https://www.ivir.nl/publicaties/download/Regulating-Disinformation-in-Europe.pdf},
year = {2021},
date = {2021-06-01},
journal = {UC Irvine Journal of International, Transnational, and Comparative Law},
volume = {6},
number = {1},
pages = {9-36},
abstract = {This Article examines the ongoing dynamics in the regulation of disinformation in Europe, focusing on the intersection between the right to
freedom of expression and the right to privacy. Importantly, there has been a recent wave of regulatory measures and other forms of pressure on online platforms to tackle disinformation in Europe. These measures play out in different ways at the intersection of the right to freedom of expression and the right to privacy. Crucially, as governments, journalists, and researchers seek greater transparency and access to information from online platforms to evaluate their impact on the health of their democracies, these measures raise acute issues related to user privacy. Indeed, platforms that once refused to cooperate with governments in identifying users allegedly responsible for disseminating illegal or harmful content are now expanding cooperation. However, while platforms are increasingly facilitating government access to user data, platforms are also invoking data protection law concerns as a shield in response to recent efforts at increased platform transparency. At
the same time, data protection law provides for one of the main systemic regulatory safeguards in Europe. It protects user autonomy concerning datadriven campaigns, requiring transparency for internet audiences about targeting and data subject rights in relation to audience platforms, such as social media companies.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This Article examines the ongoing dynamics in the regulation of disinformation in Europe, focusing on the intersection between the right to
freedom of expression and the right to privacy. Importantly, there has been a recent wave of regulatory measures and other forms of pressure on online platforms to tackle disinformation in Europe. These measures play out in different ways at the intersection of the right to freedom of expression and the right to privacy. Crucially, as governments, journalists, and researchers seek greater transparency and access to information from online platforms to evaluate their impact on the health of their democracies, these measures raise acute issues related to user privacy. Indeed, platforms that once refused to cooperate with governments in identifying users allegedly responsible for disseminating illegal or harmful content are now expanding cooperation. However, while platforms are increasingly facilitating government access to user data, platforms are also invoking data protection law concerns as a shield in response to recent efforts at increased platform transparency. At
the same time, data protection law provides for one of the main systemic regulatory safeguards in Europe. It protects user autonomy concerning datadriven campaigns, requiring transparency for internet audiences about targeting and data subject rights in relation to audience platforms, such as social media companies.
freedom of expression and the right to privacy. Importantly, there has been a recent wave of regulatory measures and other forms of pressure on online platforms to tackle disinformation in Europe. These measures play out in different ways at the intersection of the right to freedom of expression and the right to privacy. Crucially, as governments, journalists, and researchers seek greater transparency and access to information from online platforms to evaluate their impact on the health of their democracies, these measures raise acute issues related to user privacy. Indeed, platforms that once refused to cooperate with governments in identifying users allegedly responsible for disseminating illegal or harmful content are now expanding cooperation. However, while platforms are increasingly facilitating government access to user data, platforms are also invoking data protection law concerns as a shield in response to recent efforts at increased platform transparency. At
the same time, data protection law provides for one of the main systemic regulatory safeguards in Europe. It protects user autonomy concerning datadriven campaigns, requiring transparency for internet audiences about targeting and data subject rights in relation to audience platforms, such as social media companies.
Irion, K.
Formal meeting (oral evidence session): Digital trade and data Online
2021.
@online{Irion2021b,
title = {Formal meeting (oral evidence session): Digital trade and data},
author = {Irion, K.},
url = {https://committees.parliament.uk/event/3859/formal-meeting-oral-evidence-session/},
year = {2021},
date = {2021-03-12},
abstract = {Oral testimony on the UK House of Commons International Trade Committee. The Committee has launched an inquiry into digital trade and data. Digital trade refers to digitally enabled, or digitally delivered, trade in goods and services. Such trade involves the movement of data.
The Committee’s inquiry will explore a range of issues, including:
• Digital trade and data provisions in Free Trade Agreements
• Concerns around the security and privacy of data
• The environmental impact of digital trade
• Relevant legal frameworks},
keywords = {},
pubstate = {published},
tppubtype = {online}
}
Oral testimony on the UK House of Commons International Trade Committee. The Committee has launched an inquiry into digital trade and data. Digital trade refers to digitally enabled, or digitally delivered, trade in goods and services. Such trade involves the movement of data.
The Committee’s inquiry will explore a range of issues, including:
• Digital trade and data provisions in Free Trade Agreements
• Concerns around the security and privacy of data
• The environmental impact of digital trade
• Relevant legal frameworks
The Committee’s inquiry will explore a range of issues, including:
• Digital trade and data provisions in Free Trade Agreements
• Concerns around the security and privacy of data
• The environmental impact of digital trade
• Relevant legal frameworks
Dommering, E.
Annotatie bij Hof van Justitie EU 16 juli 2020 (Data Protection Commissioner / Facebook Ireland & Schrems)(Schrems II) Journal Article
In: Nederlandse Jurisprudentie, vol. 2021, no. 5/6, pp. 455-458, 2021.
@article{Dommering2021c,
title = {Annotatie bij Hof van Justitie EU 16 juli 2020 (Data Protection Commissioner / Facebook Ireland \& Schrems)(Schrems II)},
author = {Dommering, E.},
url = {https://www.ivir.nl/publicaties/download/Annotatie_NJ_2021_24.pdf},
year = {2021},
date = {2021-03-12},
journal = {Nederlandse Jurisprudentie},
volume = {2021},
number = {5/6},
pages = {455-458},
abstract = {Uitlevering persoonsgegevens Ierland/VS in strijd met de AVG omdat veiligheidsdiensten in VS ongecontroleerd toegang hebben tot serviceproviders die deze persoonsgegevens ontvangen.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Uitlevering persoonsgegevens Ierland/VS in strijd met de AVG omdat veiligheidsdiensten in VS ongecontroleerd toegang hebben tot serviceproviders die deze persoonsgegevens ontvangen.
Poort, J.; Zuiderveen Borgesius, F.
Personalised pricing: The demise of the fixed price? Journal Article
In: 2021, (Forthcoming as chapter 10 in: Kohl, U., & Eisler, J. (eds.), Data-Driven Personalisation in Markets, Politics and Law. Cambridge: Cambridge University Press, 2021.).
@article{Poort2021,
title = {Personalised pricing: The demise of the fixed price?},
author = {Poort, J. and Zuiderveen Borgesius, F.},
url = {https://www.ivir.nl/publicaties/download/The-Demise-of-the-Fixed-Price.pdf},
year = {2021},
date = {2021-03-04},
abstract = {An online seller or platform is technically able to offer every consumer a different price for the same product, based on information it has about the customers. Such online price discrimination exacerbates concerns regarding the fairness and morality of price discrimination, and the possible need for regulation. In this chapter, we discuss the underlying basis of price discrimination in economic theory, and its popular perception. Our surveys show that consumers are critical and suspicious of online price discrimination. A majority consider it unacceptable and unfair, and are in favour of a ban. When stores apply online price discrimination, most consumers think they should be informed about it. We argue that the General Data Protection Regulation (GDPR) applies to the most controversial forms of online price discrimination, and not only requires companies to disclose their use of price discrimination, but also requires companies to ask customers for their prior consent. Industry practice, however, does not show any adoption of these two principles.},
note = {Forthcoming as chapter 10 in: Kohl, U., \& Eisler, J. (eds.), Data-Driven Personalisation in Markets, Politics and Law. Cambridge: Cambridge University Press, 2021.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
An online seller or platform is technically able to offer every consumer a different price for the same product, based on information it has about the customers. Such online price discrimination exacerbates concerns regarding the fairness and morality of price discrimination, and the possible need for regulation. In this chapter, we discuss the underlying basis of price discrimination in economic theory, and its popular perception. Our surveys show that consumers are critical and suspicious of online price discrimination. A majority consider it unacceptable and unfair, and are in favour of a ban. When stores apply online price discrimination, most consumers think they should be informed about it. We argue that the General Data Protection Regulation (GDPR) applies to the most controversial forms of online price discrimination, and not only requires companies to disclose their use of price discrimination, but also requires companies to ask customers for their prior consent. Industry practice, however, does not show any adoption of these two principles.
Janssen, H.; Cobbe, J.; Norval, C.; Singh, J.
Decentralised Data Processing: Personal Data Stores and the GDPR Journal Article
In: International Data Privacy Law, vol. 10, no. 4, pp. 356-384, 2021.
@article{Janssen2021,
title = {Decentralised Data Processing: Personal Data Stores and the GDPR},
author = {Janssen, H. and Cobbe, J. and Norval, C. and Singh, J.},
url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3570895
https://www.ivir.nl/publicaties/download/IDPL-2021-4.pdf},
doi = {https://doi.org/10.1093/idpl/ipaa016},
year = {2021},
date = {2021-01-04},
journal = {International Data Privacy Law},
volume = {10},
number = {4},
pages = {356-384},
abstract = {When it comes to online services, users have limited control over how their personal data is processed. This is partly due to the nature of the business models of those services, where data is typically stored and aggregated in data centres. This has recently led to the development of technologies aiming at leveraging user control over the processing of their personal data.
Personal Data Stores (“PDSs”) represent a class of these technologies; PDSs provide users with a device, enabling them to capture, aggregate and manage their personal data. The device provides tools for users to control and monitor access, sharing and computation over data on their device. The motivation for PDSs are described as (i) to assist users with their confidentiality and privacy concerns, and/or (ii) to provide opportunities for users to transact with or otherwise monetise their data.
While PDSs potentially might enable some degree of user empowerment, they raise interesting considerations and uncertainties in relation to the responsibilities under the General Data Protection Regulation (GDPR). More specifically, the designations of responsibilities among key parties involved in PDS ecosystems are unclear. Further, the technical architecture of PDSs appears to restrict certain lawful grounds for processing, while technical means to identify certain category data, as proposed by some, may remain theoretical.
We explore the considerations, uncertainties, and limitations of PDSs with respect to some key obligations under the GDPR. As PDS technologies continue to develop and proliferate, potentially providing an alternative to centralised approaches to data processing, we identify issues which require consideration by regulators, PDS platform providers and technologists.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
When it comes to online services, users have limited control over how their personal data is processed. This is partly due to the nature of the business models of those services, where data is typically stored and aggregated in data centres. This has recently led to the development of technologies aiming at leveraging user control over the processing of their personal data.
Personal Data Stores (“PDSs”) represent a class of these technologies; PDSs provide users with a device, enabling them to capture, aggregate and manage their personal data. The device provides tools for users to control and monitor access, sharing and computation over data on their device. The motivation for PDSs are described as (i) to assist users with their confidentiality and privacy concerns, and/or (ii) to provide opportunities for users to transact with or otherwise monetise their data.
While PDSs potentially might enable some degree of user empowerment, they raise interesting considerations and uncertainties in relation to the responsibilities under the General Data Protection Regulation (GDPR). More specifically, the designations of responsibilities among key parties involved in PDS ecosystems are unclear. Further, the technical architecture of PDSs appears to restrict certain lawful grounds for processing, while technical means to identify certain category data, as proposed by some, may remain theoretical.
We explore the considerations, uncertainties, and limitations of PDSs with respect to some key obligations under the GDPR. As PDS technologies continue to develop and proliferate, potentially providing an alternative to centralised approaches to data processing, we identify issues which require consideration by regulators, PDS platform providers and technologists.
Personal Data Stores (“PDSs”) represent a class of these technologies; PDSs provide users with a device, enabling them to capture, aggregate and manage their personal data. The device provides tools for users to control and monitor access, sharing and computation over data on their device. The motivation for PDSs are described as (i) to assist users with their confidentiality and privacy concerns, and/or (ii) to provide opportunities for users to transact with or otherwise monetise their data.
While PDSs potentially might enable some degree of user empowerment, they raise interesting considerations and uncertainties in relation to the responsibilities under the General Data Protection Regulation (GDPR). More specifically, the designations of responsibilities among key parties involved in PDS ecosystems are unclear. Further, the technical architecture of PDSs appears to restrict certain lawful grounds for processing, while technical means to identify certain category data, as proposed by some, may remain theoretical.
We explore the considerations, uncertainties, and limitations of PDSs with respect to some key obligations under the GDPR. As PDS technologies continue to develop and proliferate, potentially providing an alternative to centralised approaches to data processing, we identify issues which require consideration by regulators, PDS platform providers and technologists.
Janssen, H.; Cobbe, J.; Singh, J.
Personal Data Stores: a user-centric privacy utopia? Journal Article Forthcoming
In: Internet Policy Review, Forthcoming.
@article{Janssen2021b,
title = {Personal Data Stores: a user-centric privacy utopia?},
author = {Janssen, H. and Cobbe, J. and Singh, J.},
year = {2021},
date = {2021-01-04},
journal = {Internet Policy Review},
keywords = {},
pubstate = {forthcoming},
tppubtype = {article}
}
Ferrari, V.
Crosshatching Privacy: Financial Intermediaries’ Data Practices Between Law Enforcement and Data Economy Journal Article
In: European Data Protection Law Review, vol. 6, no. 4, pp. 522-535, 2020.
@article{Ferrari2020b,
title = {Crosshatching Privacy: Financial Intermediaries’ Data Practices Between Law Enforcement and Data Economy},
author = {Ferrari, V.},
url = {https://edpl.lexxion.eu/article/EDPL/2020/4/8
https://www.ivir.nl/publicaties/download/edpl_2020_04.pdf},
doi = {https://doi.org/10.21552/edpl/2020/4/8},
year = {2020},
date = {2020-12-22},
journal = {European Data Protection Law Review},
volume = {6},
number = {4},
pages = {522-535},
abstract = {Financial data are key to various law enforcement processes, including criminal investigations, anti-money laundering strategies and the implementation of national fiscal policies. However, financial data also qualify as personal data. While law enforcement objectives can derogate certain privacy-related legal safeguards, private financial firms should, in principle, comply with the privacy standards upheld by GDPR. Highlighting the most critical trends of the current financial industry (i.e. commercial exploitation of data; international dimension of financial informational networks; use of automated processing and decision-making tools), the present paper analyses how privacy and law enforcement priorities interplay in determining the governance of financial data. We conclude by recognizing that privacy loopholes exist in the current financial industry’s data practices, and that - as payments tend to be increasingly performed in digital manners, exponentially increasing the availability of financial data - privacy-enhancing payment methods should be encouraged and legitimised.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Financial data are key to various law enforcement processes, including criminal investigations, anti-money laundering strategies and the implementation of national fiscal policies. However, financial data also qualify as personal data. While law enforcement objectives can derogate certain privacy-related legal safeguards, private financial firms should, in principle, comply with the privacy standards upheld by GDPR. Highlighting the most critical trends of the current financial industry (i.e. commercial exploitation of data; international dimension of financial informational networks; use of automated processing and decision-making tools), the present paper analyses how privacy and law enforcement priorities interplay in determining the governance of financial data. We conclude by recognizing that privacy loopholes exist in the current financial industry’s data practices, and that - as payments tend to be increasingly performed in digital manners, exponentially increasing the availability of financial data - privacy-enhancing payment methods should be encouraged and legitimised.
van Hoboken, J.; Appelman, N.; van Duin, A.; Blom, T.; Zarouali, B.; Fahy, R.; Steel, M.; Stringhi, E.; Helberger, N.
WODC-onderzoek: Voorziening voor verzoeken tot snelle verwijdering van onrechtmatige online content Technical Report
2020.
@techreport{vanHoboken2020d,
title = {WODC-onderzoek: Voorziening voor verzoeken tot snelle verwijdering van onrechtmatige online content},
author = {van Hoboken, J. and Appelman, N. and van Duin, A. and Blom, T. and Zarouali, B. and Fahy, R. and Steel, M. and Stringhi, E. and Helberger, N.},
url = {https://www.ivir.nl/publicaties/download/WODC_voorziening_onrechtmatige_content.pdf},
year = {2020},
date = {2020-11-12},
abstract = {Dit onderzoek is uitgegeven als onderdeel van het speerpunt van de Minister voor Rechtsbescherming om de positie van slachtoffers van onrechtmatige uitingen op het internet te verbeteren. Aanleiding is dat het voor mensen als te moeilijk ervaren wordt om onrechtmatige online content snel verwijderd te krijgen. Dit rapport biedt inzicht in de juridische en praktische haalbaarheid van een voorziening voor de verwijdering van onrechtmatige online content die mensen persoonlijk raakt. Onrechtmatige content is informatie, door mensen op het internet geplaatst, die in strijd is met het recht, vanwege de schadelijke gevolgen ervan en/of omdat de belangen van anderen daardoor op ernstige wijze worden aangetast. Hierbij moet, bijvoorbeeld, gedacht worden aan bedreigingen, privacy-inbreuken of wraakporno. Het doel van de onderzochte voorziening is om mensen in staat te stellen deze onrechtmatige online content zo snel mogelijk te verwijderen. Het onderzoek focust op onrechtmatige online content die mensen in hun persoon raakt en daarmee onder het recht op priv\'{e}leven uit artikel 8 Europees Verdrag voor de Rechten van de Mens (“EVRM”) valt.},
keywords = {},
pubstate = {published},
tppubtype = {techreport}
}
Dit onderzoek is uitgegeven als onderdeel van het speerpunt van de Minister voor Rechtsbescherming om de positie van slachtoffers van onrechtmatige uitingen op het internet te verbeteren. Aanleiding is dat het voor mensen als te moeilijk ervaren wordt om onrechtmatige online content snel verwijderd te krijgen. Dit rapport biedt inzicht in de juridische en praktische haalbaarheid van een voorziening voor de verwijdering van onrechtmatige online content die mensen persoonlijk raakt. Onrechtmatige content is informatie, door mensen op het internet geplaatst, die in strijd is met het recht, vanwege de schadelijke gevolgen ervan en/of omdat de belangen van anderen daardoor op ernstige wijze worden aangetast. Hierbij moet, bijvoorbeeld, gedacht worden aan bedreigingen, privacy-inbreuken of wraakporno. Het doel van de onderzochte voorziening is om mensen in staat te stellen deze onrechtmatige online content zo snel mogelijk te verwijderen. Het onderzoek focust op onrechtmatige online content die mensen in hun persoon raakt en daarmee onder het recht op privéleven uit artikel 8 Europees Verdrag voor de Rechten van de Mens (“EVRM”) valt.
Dommering, E.
Annotatie bij Rb. Den Haag 5 februari 2020 (NJCM c.s. / Staat der Nederlanden - SyRI-wetgeving) Journal Article
In: Nederlandse Jurisprudentie, no. 45, pp. 6792-6795, 2020.
@article{Dommering2020i,
title = {Annotatie bij Rb. Den Haag 5 februari 2020 (NJCM c.s. / Staat der Nederlanden - SyRI-wetgeving)},
author = {Dommering, E.},
url = {https://www.ivir.nl/publicaties/download/Annotatie_NJ_2020_386.pdf},
year = {2020},
date = {2020-11-10},
journal = {Nederlandse Jurisprudentie},
number = {45},
pages = {6792-6795},
abstract = {De SyRI-wetgeving voldoet niet aan de in art. 8 lid 2 EVRM gestelde eis dat de inmenging in de uitoefening van het recht op respect voor het priv\'{e}leven noodzakelijk is in een democratische samenleving, dat wil zeggen noodzakelijk, evenredig (proportioneel) en subsidiair in relatie tot het beoogde doel.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
De SyRI-wetgeving voldoet niet aan de in art. 8 lid 2 EVRM gestelde eis dat de inmenging in de uitoefening van het recht op respect voor het privéleven noodzakelijk is in een democratische samenleving, dat wil zeggen noodzakelijk, evenredig (proportioneel) en subsidiair in relatie tot het beoogde doel.
Strycharz, J.; Ausloos, J.; Helberger, N.
Data Protection or Data Frustration? Individual perceptions and attitudes towards the GDPR Journal Article
In: European Data Protection Law Review, vol. 6, no. 3, pp. 407-421, 2020.
@article{Strycharz2020,
title = {Data Protection or Data Frustration? Individual perceptions and attitudes towards the GDPR},
author = {Strycharz, J. and Ausloos, J. and Helberger, N.},
url = {https://www.ivir.nl/publicaties/download/EDPLR_2020_3.pdf},
doi = {https://doi.org/10.21552/edpl/2020/3/10},
year = {2020},
date = {2020-10-13},
journal = {European Data Protection Law Review},
volume = {6},
number = {3},
pages = {407-421},
abstract = {Strengthening individual rights, enhancing control over one’s data and raising awareness were among the main aims the European Commission set for the General Data Protection Regulation (GDPR). In order to assess whether these aims have been met, research into individual perceptions, awareness, and understanding of the Regulation is necessary. This study thus examines individual reactions to the GDPR in order to provide insights into user agency in relation to the Regulation. More specifically, it discusses empirical data (survey with N = 1288) on individual knowledge of, reactions to, and rights exercised under the GDPR in the Netherlands. The results show high awareness of the GDPR and knowledge of individual rights. At the same time, the Dutch show substantial reactance to the Regulation and doubt the effectiveness of their individual rights. These findings point to several issues obstructing the GDPR’s effectiveness, and constitute useful signposts for policy-makers and enforcement agencies to prioritise their strategies in achieving the original aims of the Regulation.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Strengthening individual rights, enhancing control over one’s data and raising awareness were among the main aims the European Commission set for the General Data Protection Regulation (GDPR). In order to assess whether these aims have been met, research into individual perceptions, awareness, and understanding of the Regulation is necessary. This study thus examines individual reactions to the GDPR in order to provide insights into user agency in relation to the Regulation. More specifically, it discusses empirical data (survey with N = 1288) on individual knowledge of, reactions to, and rights exercised under the GDPR in the Netherlands. The results show high awareness of the GDPR and knowledge of individual rights. At the same time, the Dutch show substantial reactance to the Regulation and doubt the effectiveness of their individual rights. These findings point to several issues obstructing the GDPR’s effectiveness, and constitute useful signposts for policy-makers and enforcement agencies to prioritise their strategies in achieving the original aims of the Regulation.
Yakovleva, S.
Privacy and Data Protection in the EU- and US-led Post- WTO Free Trade Agreements Book Chapter
In: pp. 95-115, 2020, (Chapter in: Coherence and Divergence in Services Trade Law, ed. R.T. Hoffmann & M. Krajewski).
@inbook{Yakovleva2020e,
title = {Privacy and Data Protection in the EU- and US-led Post- WTO Free Trade Agreements},
author = {Yakovleva, S.},
url = {https://www.ivir.nl/publicaties/download/Yearbook_International_Economic_Law.pdf},
doi = {https://doi.org/10.1007/978-3-030-46955-9_5},
year = {2020},
date = {2020-10-08},
pages = {95-115},
series = {European Yearbook of International Economic Law},
abstract = {The chapter addresses privacy and data protection in FTAs. It takes stock of the evolution of provisions on privacy and data protection in the post-WTO FTAs and FTAs currently under negotiation relying on EU- and US-led FTAs as an empirical basis. The chapter evaluates the trends and patterns of the development of these provisions and provides an outlook for the upcoming negotiations on electronic commerce at the WTO. It highlights the evolution of provisions on privacy and personal data protection in general exceptions, financial and telecommunications chapters, chapters on electronic commerce and digital trade. After identifying trends in the design and wording of these provisions in the EU- and US-led FTAs the chapter concludes that both trading partners tend to prefer their own template for regional FTAs.},
note = {Chapter in: Coherence and Divergence in Services Trade Law, ed. R.T. Hoffmann \& M. Krajewski},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}
The chapter addresses privacy and data protection in FTAs. It takes stock of the evolution of provisions on privacy and data protection in the post-WTO FTAs and FTAs currently under negotiation relying on EU- and US-led FTAs as an empirical basis. The chapter evaluates the trends and patterns of the development of these provisions and provides an outlook for the upcoming negotiations on electronic commerce at the WTO. It highlights the evolution of provisions on privacy and personal data protection in general exceptions, financial and telecommunications chapters, chapters on electronic commerce and digital trade. After identifying trends in the design and wording of these provisions in the EU- and US-led FTAs the chapter concludes that both trading partners tend to prefer their own template for regional FTAs.
Yakovleva, S.
Personal Data Transfers in International Trade and EU Law: A Tale of Two ‘Necessities’ Journal Article
In: The Journal of World Investment & Trade, pp. 1-39, 2020.
@article{Yakovleva2020d,
title = {Personal Data Transfers in International Trade and EU Law: A Tale of Two ‘Necessities’},
author = {Yakovleva, S.},
url = {https://www.ivir.nl/publicaties/download/JWIT_2020.pdf},
year = {2020},
date = {2020-10-02},
journal = {The Journal of World Investment \& Trade},
pages = {1-39},
abstract = {Cross-border flows of personal data have become essential for international trade. EU law restricts transfers of personal data to a degree that is arguably beyond what is permitted under the EU’s WTO commitments. These restrictions may be justified under trade law’s ‘necessity test.’ The article suggests that they may not pass this test. Yet, from an EU law perspective, the right to the protection of personal data is a fundamental right. An international transfer of personal data constitutes a derogation from this right and, therefore, must be consistent with another necessity test, the ‘strict necessity’ test of the derogation clause of the EU Charter of Fundamental Rights. This article shows how a simultaneous application of the trade law and EU Charter ‘necessities’ to EU restrictions on transfers of personal data creates a Catch-22 situation and sketches the ways out of this compliance deadlock.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Cross-border flows of personal data have become essential for international trade. EU law restricts transfers of personal data to a degree that is arguably beyond what is permitted under the EU’s WTO commitments. These restrictions may be justified under trade law’s ‘necessity test.’ The article suggests that they may not pass this test. Yet, from an EU law perspective, the right to the protection of personal data is a fundamental right. An international transfer of personal data constitutes a derogation from this right and, therefore, must be consistent with another necessity test, the ‘strict necessity’ test of the derogation clause of the EU Charter of Fundamental Rights. This article shows how a simultaneous application of the trade law and EU Charter ‘necessities’ to EU restrictions on transfers of personal data creates a Catch-22 situation and sketches the ways out of this compliance deadlock.
Yakovleva, S.; Geursen, W.; Arnbak, A.
Kaleidoscopic data-related enforcement in the digital age Journal Article
In: Common Market Law Review, vol. 57, no. 5, pp. 1461-1494, 2020.
@article{Yakovleva2020c,
title = {Kaleidoscopic data-related enforcement in the digital age},
author = {Yakovleva, S. and Geursen, W. and Arnbak, A.},
url = {https://www.ivir.nl/publicaties/download/CMLR_2020.pdf},
year = {2020},
date = {2020-10-01},
journal = {Common Market Law Review},
volume = {57},
number = {5},
pages = {1461-1494},
abstract = {The interplay between competition, consumer and data protection law, when applied to data collection and processing practices, may lead to situations where several competent authorities can, independently, carry out enforcement actions against the same practice, or where an authority competent to carry out enforcement in one area of law can borrow the concepts of another area to advance its own goals. The authors call this “kaleidoscopic enforcement”. Kaleidoscopic enforcement may undermine existing coordination mechanisms within specif ic areas, and may lead to both the incoherent enforcement of EU rules applicable to data, and to sub-optimal enforcement. An EU level binding
inter-disciplinary coordination mechanism between competition, consumer and data protection authorities is needed. Now the Commission has announced ambitious plans to enhance the coherent application of EU law in several areas, it is the perfect time to work towards creating such an enforcement mechanism.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The interplay between competition, consumer and data protection law, when applied to data collection and processing practices, may lead to situations where several competent authorities can, independently, carry out enforcement actions against the same practice, or where an authority competent to carry out enforcement in one area of law can borrow the concepts of another area to advance its own goals. The authors call this “kaleidoscopic enforcement”. Kaleidoscopic enforcement may undermine existing coordination mechanisms within specif ic areas, and may lead to both the incoherent enforcement of EU rules applicable to data, and to sub-optimal enforcement. An EU level binding
inter-disciplinary coordination mechanism between competition, consumer and data protection authorities is needed. Now the Commission has announced ambitious plans to enhance the coherent application of EU law in several areas, it is the perfect time to work towards creating such an enforcement mechanism.
inter-disciplinary coordination mechanism between competition, consumer and data protection authorities is needed. Now the Commission has announced ambitious plans to enhance the coherent application of EU law in several areas, it is the perfect time to work towards creating such an enforcement mechanism.
Helberger, N.; Huh, J.; Milne, G.; Strycharz, J.
Macro and Exogenous Factors in Computational Advertising: Key Issues and New Research Directions Journal Article
In: Journal of Advertising, vol. 49, no. 4, pp. 377-393, 2020.
@article{Helberger2020h,
title = {Macro and Exogenous Factors in Computational Advertising: Key Issues and New Research Directions},
author = {Helberger, N. and Huh, J. and Milne, G. and Strycharz, J.},
doi = {https://doi.org/10.1080/00913367.2020.1811179},
year = {2020},
date = {2020-09-11},
journal = {Journal of Advertising},
volume = {49},
number = {4},
pages = {377-393},
abstract = {To advance the emerging research field of computational advertising this article describes the new computational advertising ecosystem, identifies key actors within it and interactions among them, and discusses future research agendas. Specifically, we propose systematic conceptualization for the redefined advertising industry, consumers, government, and technology environmental factors, and discuss emerging and anticipated tensions that arise in the macro and exogenous factors surrounding the new computational advertising industry, leading to suggestions for future research directions. From multidisciplinary angles, areas of tension and related research questions are explored from advertising, business, computer science, and legal perspectives. The proposed research agendas include exploring transparency of computational advertising practice and consumer education; understanding the trade-off between explainability and performance of algorithms; exploring the issue of new consumers as free data laborers, data as commodity, and related consumer agency challenges; understanding the relationship between algorithmic transparency and consumers’ literacy; evaluating the trade-off between algorithmic fairness and privacy protection; examining legal and regulatory issues regarding power imbalance between actors in the computational advertising ecosystem; and studying the trade-off between technological innovation and consumer protection and empowerment.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
To advance the emerging research field of computational advertising this article describes the new computational advertising ecosystem, identifies key actors within it and interactions among them, and discusses future research agendas. Specifically, we propose systematic conceptualization for the redefined advertising industry, consumers, government, and technology environmental factors, and discuss emerging and anticipated tensions that arise in the macro and exogenous factors surrounding the new computational advertising industry, leading to suggestions for future research directions. From multidisciplinary angles, areas of tension and related research questions are explored from advertising, business, computer science, and legal perspectives. The proposed research agendas include exploring transparency of computational advertising practice and consumer education; understanding the trade-off between explainability and performance of algorithms; exploring the issue of new consumers as free data laborers, data as commodity, and related consumer agency challenges; understanding the relationship between algorithmic transparency and consumers’ literacy; evaluating the trade-off between algorithmic fairness and privacy protection; examining legal and regulatory issues regarding power imbalance between actors in the computational advertising ecosystem; and studying the trade-off between technological innovation and consumer protection and empowerment.
Eskens, S.
Opinie: De wettelijke mogelijkheden voor online proctoring door universiteiten zijn zeer beperkt Journal Article
In: Tijdschrift voor Internetrecht, no. 4, pp. 141-143, 2020.
@article{Eskens2020b,
title = {Opinie: De wettelijke mogelijkheden voor online proctoring door universiteiten zijn zeer beperkt},
author = {Eskens, S.},
url = {https://www.ivir.nl/publicaties/download/TvI_2020_4.pdf},
year = {2020},
date = {2020-08-27},
journal = {Tijdschrift voor Internetrecht},
number = {4},
pages = {141-143},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Dommering, E.
Annotatie HvJ EU 2 oktober 2018 (Ministerio Fiscal) Journal Article
In: Nederlandse Jurisprudentie, no. 28, pp. 3753-3754, 2020.
@article{Dommering2020h,
title = {Annotatie HvJ EU 2 oktober 2018 (Ministerio Fiscal)},
author = {Dommering, E.},
url = {https://www.ivir.nl/publicaties/download/Annotatie_NJ_232.pdf},
year = {2020},
date = {2020-07-21},
journal = {Nederlandse Jurisprudentie},
number = {28},
pages = {3753-3754},
abstract = {Toegang tot door elektronische communicatiedienstaanbieder verwerkte persoonsgegevens alleen gerechtvaardigd als het om ernstig delict gaat. Identificatiegegevens op SIMkaart van gestolen mobiele telefoon ook bij lichtere vormen van criminaliteit toegestaan toegestaan omdat deze op zich zelf geen inzicht geven in de priv\'{e} communicatie.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Toegang tot door elektronische communicatiedienstaanbieder verwerkte persoonsgegevens alleen gerechtvaardigd als het om ernstig delict gaat. Identificatiegegevens op SIMkaart van gestolen mobiele telefoon ook bij lichtere vormen van criminaliteit toegestaan toegestaan omdat deze op zich zelf geen inzicht geven in de privé communicatie.
Mahieu, R.; Ausloos, J.
Harnessing the collective potential of GDPR access rights: towards an ecology of transparency Journal Article
In: Internet Policy Review, 2020, (Opinion).
@article{Mahieu2020,
title = {Harnessing the collective potential of GDPR access rights: towards an ecology of transparency},
author = {Mahieu, R. and Ausloos, J.},
url = {https://policyreview.info/articles/news/harnessing-collective-potential-gdpr-access-rights-towards-ecology-transparency/1487},
year = {2020},
date = {2020-07-17},
journal = {Internet Policy Review},
abstract = {The GDPR’s goal of empowering citizens can only be fully realised when the collective dimensions of data subject rights are acknowledged and supported through proper enforcement. The power of the collective use of data subjects’ rights, however, is currently neither acknowledged nor properly enforced. This is the message we sent to the European Commission in response to its call for feedback for its two-year review of the GDPR. In our submission entitled Recognising and Enabling the Collective Dimension of the GDPR and the Right of Access \textendash A call to support the governance structure of checks and balances for informational power asymmetries, we demonstrate the collective potential of GDPR access rights with a long list of real-life examples.},
note = {Opinion},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The GDPR’s goal of empowering citizens can only be fully realised when the collective dimensions of data subject rights are acknowledged and supported through proper enforcement. The power of the collective use of data subjects’ rights, however, is currently neither acknowledged nor properly enforced. This is the message we sent to the European Commission in response to its call for feedback for its two-year review of the GDPR. In our submission entitled Recognising and Enabling the Collective Dimension of the GDPR and the Right of Access – A call to support the governance structure of checks and balances for informational power asymmetries, we demonstrate the collective potential of GDPR access rights with a long list of real-life examples.
Monzer, C.; Möller, J.; Helberger, N.; Eskens, S.
User Perspectives on the News Personalisation Process: Agency, Trust and Utility as Building Blocks Journal Article
In: Digital Journalism, vol. 8, no. 9, pp. 1142-1162, 2020.
@article{Monzer2020,
title = {User Perspectives on the News Personalisation Process: Agency, Trust and Utility as Building Blocks},
author = {Monzer, C. and M\"{o}ller, J. and Helberger, N. and Eskens, S.},
url = {https://www.tandfonline.com/doi/full/10.1080/21670811.2020.1773291},
doi = {10.1080/21670811.2020.1773291},
year = {2020},
date = {2020-06-16},
journal = {Digital Journalism},
volume = {8},
number = {9},
pages = {1142-1162},
abstract = {With the increasing use of algorithms in news distribution, commentators warn about its possible impacts on the changing relationship between the news media and news readers. To understand the meaning of news personalisation strategies to users, we investigated how they currently experience news personalisation, perceive their role in the personalisation process, and envision increasing the utility of personalised news by giving users more agency and fostering trust. We conducted four focus groups with online news readers in Germany. For the analysis, grounded theory techniques were suitable due to their applicability in reconstructing user perspectives through their own experiences. We found that (1) users fail to distinguish between news personalisation and commercial targeting, which may negatively bias their perception; (2) there is a contradiction in how users perceive themselves as active participants in the process, but lack the means to exercise agency; (3) user concerns extend beyond privacy to what information they receive and their right to personal autonomy\textemdasha solution requires offering users the ability to dynamically adjust their “news interest profiles”; (4) while news personalisation strategies afford new opportunities for introducing reciprocity in the media-audience relationship, negotiating competing logics of journalistic, personal and algorithmic curation remains a challenge.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
With the increasing use of algorithms in news distribution, commentators warn about its possible impacts on the changing relationship between the news media and news readers. To understand the meaning of news personalisation strategies to users, we investigated how they currently experience news personalisation, perceive their role in the personalisation process, and envision increasing the utility of personalised news by giving users more agency and fostering trust. We conducted four focus groups with online news readers in Germany. For the analysis, grounded theory techniques were suitable due to their applicability in reconstructing user perspectives through their own experiences. We found that (1) users fail to distinguish between news personalisation and commercial targeting, which may negatively bias their perception; (2) there is a contradiction in how users perceive themselves as active participants in the process, but lack the means to exercise agency; (3) user concerns extend beyond privacy to what information they receive and their right to personal autonomy—a solution requires offering users the ability to dynamically adjust their “news interest profiles”; (4) while news personalisation strategies afford new opportunities for introducing reciprocity in the media-audience relationship, negotiating competing logics of journalistic, personal and algorithmic curation remains a challenge.
Yakovleva, S.; Geursen, W,W,; Arnbak, A.
Drie mogelijke boetes van mededingings-, consumenten- en persoonsgegevensautoriteiten voor hetzelfde datagebruik Journal Article
In: Tijdschrift Mededingingsrecht in de Praktijk, no. 2, pp. 30-37, 2020.
@article{Yakovleva2020b,
title = {Drie mogelijke boetes van mededingings-, consumenten- en persoonsgegevensautoriteiten voor hetzelfde datagebruik},
author = {Yakovleva, S. and Geursen, W,W, and Arnbak, A.},
url = {https://www.ivir.nl/publicaties/download/MP_2020_164.pdf},
year = {2020},
date = {2020-06-09},
journal = {Tijdschrift Mededingingsrecht in de Praktijk},
number = {2},
pages = {30-37},
abstract = {Door de toename van datagebruik door ondernemingen is er sprake van convergentie tussen het mededingings-, consumenten- en gegevensbeschermingsrecht. Er kan dan parallelle handhaving plaatsvinden ten aanzien van \'{e}\'{e}n en dezelfde handeling door dezelfde onderneming door drie verschillende autoriteiten. Dat noemen wij caleidoscopische handhaving. Dat heeft volgens ons verschillende keerzijden, waaronder het risico op overhandhaving door drie afzonderlijke procedures van drie afzonderlijke autoriteiten en mogelijk drie boetes. Wij onderzoeken in dit artikel waarom het ne-bis-in-idem-beginsel niet van toepassing is en het beginsel van eendaadse samenloop evenmin (net als in de recente Marine Harvest gun-jumping zaak), waardoor proportionaliteit overblijft.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Door de toename van datagebruik door ondernemingen is er sprake van convergentie tussen het mededingings-, consumenten- en gegevensbeschermingsrecht. Er kan dan parallelle handhaving plaatsvinden ten aanzien van één en dezelfde handeling door dezelfde onderneming door drie verschillende autoriteiten. Dat noemen wij caleidoscopische handhaving. Dat heeft volgens ons verschillende keerzijden, waaronder het risico op overhandhaving door drie afzonderlijke procedures van drie afzonderlijke autoriteiten en mogelijk drie boetes. Wij onderzoeken in dit artikel waarom het ne-bis-in-idem-beginsel niet van toepassing is en het beginsel van eendaadse samenloop evenmin (net als in de recente Marine Harvest gun-jumping zaak), waardoor proportionaliteit overblijft.
Irion, K.; Yakovleva, S.
Pitching trade against privacy: reconciling EU governance of personal data flows with external trade Journal Article
In: International Data Privacy Law, vol. 10, no. 3, pp. 201-221, 2020.
@article{Irion2020bb,
title = {Pitching trade against privacy: reconciling EU governance of personal data flows with external trade},
author = {Irion, K. and Yakovleva, S. },
doi = {https://doi.org/10.1093/idpl/ipaa003},
year = {2020},
date = {2020-04-01},
journal = {International Data Privacy Law},
volume = {10},
number = {3},
pages = {201-221},
abstract = {This article positions EU’s external governance of personal data flows against the backdrop of the international controversy on digital trade versus strict privacy laws. Now that the EU has defined its position on horizontal provisions on cross-border data flows and personal data protection, it is both timely and essential to reassess its strategy on the international transfers of personal data in the purview of its future trade agreements. For its own normative approach and regulatory autonomy, the EU has a pivotal role to play in shaping the interface between trade and privacy before the ‘free trade leviathan’ can restrict the policy choices not only of individual states but also of the EU itself. Our contribution aims to break through the present compartmentalization of privacy scholarship and trade lawyers because it situates personal data flows in both disciplines.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
This article positions EU’s external governance of personal data flows against the backdrop of the international controversy on digital trade versus strict privacy laws. Now that the EU has defined its position on horizontal provisions on cross-border data flows and personal data protection, it is both timely and essential to reassess its strategy on the international transfers of personal data in the purview of its future trade agreements. For its own normative approach and regulatory autonomy, the EU has a pivotal role to play in shaping the interface between trade and privacy before the ‘free trade leviathan’ can restrict the policy choices not only of individual states but also of the EU itself. Our contribution aims to break through the present compartmentalization of privacy scholarship and trade lawyers because it situates personal data flows in both disciplines.
Zuiderveen Borgesius, F.
Strengthening legal protection against discrimination by algorithms and artificial intelligence Journal Article
In: The International Journal of Human Rights, 2020.
@article{Borgesius2020,
title = {Strengthening legal protection against discrimination by algorithms and artificial intelligence},
author = {Zuiderveen Borgesius, F.},
url = {https://doi-org.proxy.uba.uva.nl:2443/10.1080/13642987.2020.1743976},
year = {2020},
date = {2020-03-29},
journal = {The International Journal of Human Rights},
abstract = {Algorithmic decision-making and other types of artificial intelligence (AI) can be used to predict who will commit crime, who will be a good employee, who will default on a loan, etc. However, algorithmic decision-making can also threaten human rights, such as the right to non-discrimination. The paper evaluates current legal protection in Europe against discriminatory algorithmic decisions. The paper shows that non-discrimination law, in particular through the concept of indirect discrimination, prohibits many types of algorithmic discrimination. Data protection law could also help to defend people against discrimination. Proper enforcement of non-discrimination law and data protection law could help to protect people. However, the paper shows that both legal instruments have severe weaknesses when applied to artificial intelligence. The paper suggests how enforcement of current rules can be improved. The paper also explores whether additional rules are needed. The paper argues for sector-specific \textendash rather than general \textendash rules, and outlines an approach to regulate algorithmic decision-making.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Algorithmic decision-making and other types of artificial intelligence (AI) can be used to predict who will commit crime, who will be a good employee, who will default on a loan, etc. However, algorithmic decision-making can also threaten human rights, such as the right to non-discrimination. The paper evaluates current legal protection in Europe against discriminatory algorithmic decisions. The paper shows that non-discrimination law, in particular through the concept of indirect discrimination, prohibits many types of algorithmic discrimination. Data protection law could also help to defend people against discrimination. Proper enforcement of non-discrimination law and data protection law could help to protect people. However, the paper shows that both legal instruments have severe weaknesses when applied to artificial intelligence. The paper suggests how enforcement of current rules can be improved. The paper also explores whether additional rules are needed. The paper argues for sector-specific – rather than general – rules, and outlines an approach to regulate algorithmic decision-making.
Eskens, S.
The personal information sphere: An integral approach to privacy and related information and communication rights Journal Article
In: JASIST, vol. 71, no. 9, pp. 1116-1128, 2020.
@article{Eskens2020,
title = {The personal information sphere: An integral approach to privacy and related information and communication rights},
author = {Eskens, S.},
url = {https://www.ivir.nl/publicaties/download/jasist_2020.pdf},
doi = {https://doi.org/10.1002/asi.24354},
year = {2020},
date = {2020-03-20},
journal = {JASIST},
volume = {71},
number = {9},
pages = {1116-1128},
abstract = {Data protection laws, including the European Union General Data Protection Regulation, regulate aspects of online personalization. However, the data protection lens is too narrow to analyze personalization. To define conditions for personalization, we should understand data protection in its larger fundamental rights context, starting with the closely connected right to privacy. If the right to privacy is considered along with other European fundamental rights that protect information and communication flows, namely, communications confidentiality; the right to receive information; and freedom of expression, opinion, and thought, these rights are observed to enable what I call a “personal information sphere” for each person. This notion highlights how privacy interferences affect other fundamental rights. The personal information sphere is grounded in European case law and is thus not just an academic affair. The essence of the personal information sphere is control, yet with a different meaning than mere control as guaranteed by data protection law. The personal information sphere is about people controlling how they situate themselves in information and communication networks. It follows that, to respect privacy and related rights, online personalization providers should actively involve users in the personalization process and enable them to use personalization for personal goals.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Data protection laws, including the European Union General Data Protection Regulation, regulate aspects of online personalization. However, the data protection lens is too narrow to analyze personalization. To define conditions for personalization, we should understand data protection in its larger fundamental rights context, starting with the closely connected right to privacy. If the right to privacy is considered along with other European fundamental rights that protect information and communication flows, namely, communications confidentiality; the right to receive information; and freedom of expression, opinion, and thought, these rights are observed to enable what I call a “personal information sphere” for each person. This notion highlights how privacy interferences affect other fundamental rights. The personal information sphere is grounded in European case law and is thus not just an academic affair. The essence of the personal information sphere is control, yet with a different meaning than mere control as guaranteed by data protection law. The personal information sphere is about people controlling how they situate themselves in information and communication networks. It follows that, to respect privacy and related rights, online personalization providers should actively involve users in the personalization process and enable them to use personalization for personal goals.
Yakovleva, S.
Privacy Protection(ism): The Latest Wave of Trade Constraints on Regulatory Autonomy Journal Article
In: University of Miami Law Review, vol. 74, no. 2, pp. 416-519, 2020.
@article{Yakovleva2020,
title = {Privacy Protection(ism): The Latest Wave of Trade Constraints on Regulatory Autonomy},
author = {Yakovleva, S.},
url = {https://repository.law.miami.edu/umlr/vol74/iss2/5/},
year = {2020},
date = {2020-02-27},
journal = {University of Miami Law Review},
volume = {74},
number = {2},
pages = {416-519},
abstract = {Countries spend billions of dollars each year to strengthen their discursive power to shape international policy debates. They do so because in public policy conversations labels and narratives matter enormously. The “digital protectionism” label has been used in the last decade as a tool to gain the policy upper hand in digital trade policy debates about cross-border flows of personal and other data. Using the Foucauldian framework of discourse analysis, this Article brings a unique perspective on this topic. The Article makes two central arguments. First, the Article argues that the term “protectionism” is not endowed with an inherent meaning but is socially constructed by the power of discourse used in international negotiations, and in the interpretation and application of international trade policy and rules. In other words, there are as many definitions of “(digital) protectionism” as there are discourses. The U.S. and E.U. “digital trade” discourses illustrate this point. Using the same term, those trading partners advance utterly different discourses and agendas: an economic discourse with economic efficiency as the main benchmark (United States), and a more multidisciplinary discourse where both economic efficiency and protection of fundamental rights are equally important (European Union). Second, based on a detailed evaluation of the economic “digital trade” discourse, the Article contends that the coining of the term “digital protectionism” to refer to domestic information governance policies not yet fully covered by trade law disciplines is not a logical step to respond to objectively changing circumstances, but rather a product of that discourse, which is coming to dominate U.S.-led international trade negotiations. The Article demonstrates how this redefinition of “protectionism” has already resulted in the adoption of international trade rules in recent trade agreements further restricting domestic autonomy to protect the rights to privacy and the protection of personal data. The Article suggests that the distinction between privacy and personal data protection and protectionism is a moral question, not a question of economic efficiency. Therefore, when a policy conversation, such as the one on cross-border data flows, involves noneconomic spill-over effects to individual rights, such conversation should not be confined within the straightjacket of trade economics, but rather placed in a broader normative perspective. Finally, the Article argues that, in conducting recently restarted multilateral negotiations on electronic commerce at the World Trade Organization, countries should rethink the goals of international trade for the twenty-first century. Such goals should determine and define the discourse, not the other way around. The discussion should not be about what “protectionism” means but about how far domestic regimes are willing to let trade rules interfere in their autonomy to protect their societal, cultural, and political values.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Countries spend billions of dollars each year to strengthen their discursive power to shape international policy debates. They do so because in public policy conversations labels and narratives matter enormously. The “digital protectionism” label has been used in the last decade as a tool to gain the policy upper hand in digital trade policy debates about cross-border flows of personal and other data. Using the Foucauldian framework of discourse analysis, this Article brings a unique perspective on this topic. The Article makes two central arguments. First, the Article argues that the term “protectionism” is not endowed with an inherent meaning but is socially constructed by the power of discourse used in international negotiations, and in the interpretation and application of international trade policy and rules. In other words, there are as many definitions of “(digital) protectionism” as there are discourses. The U.S. and E.U. “digital trade” discourses illustrate this point. Using the same term, those trading partners advance utterly different discourses and agendas: an economic discourse with economic efficiency as the main benchmark (United States), and a more multidisciplinary discourse where both economic efficiency and protection of fundamental rights are equally important (European Union). Second, based on a detailed evaluation of the economic “digital trade” discourse, the Article contends that the coining of the term “digital protectionism” to refer to domestic information governance policies not yet fully covered by trade law disciplines is not a logical step to respond to objectively changing circumstances, but rather a product of that discourse, which is coming to dominate U.S.-led international trade negotiations. The Article demonstrates how this redefinition of “protectionism” has already resulted in the adoption of international trade rules in recent trade agreements further restricting domestic autonomy to protect the rights to privacy and the protection of personal data. The Article suggests that the distinction between privacy and personal data protection and protectionism is a moral question, not a question of economic efficiency. Therefore, when a policy conversation, such as the one on cross-border data flows, involves noneconomic spill-over effects to individual rights, such conversation should not be confined within the straightjacket of trade economics, but rather placed in a broader normative perspective. Finally, the Article argues that, in conducting recently restarted multilateral negotiations on electronic commerce at the World Trade Organization, countries should rethink the goals of international trade for the twenty-first century. Such goals should determine and define the discourse, not the other way around. The discussion should not be about what “protectionism” means but about how far domestic regimes are willing to let trade rules interfere in their autonomy to protect their societal, cultural, and political values.
van Hoboken, J.
The Privacy Disconnect Book Chapter
In: Chapter in: Human Rights in the Age of Platforms, ed. R.F. Jørgensen, Cambridge: The MIT Press, 2019., pp. 255-284, 2020, ISBN: 9780262039055.
@inbook{vanHoboken2020,
title = {The Privacy Disconnect},
author = {van Hoboken, J.},
url = {https://mitpress.mit.edu/books/human-rights-age-platforms
https://www.ivir.nl/publicaties/download/privacy_disconnect.pdf},
isbn = {9780262039055},
year = {2020},
date = {2020-02-07},
booktitle = {Chapter in: Human Rights in the Age of Platforms, ed. R.F. J\orgensen, Cambridge: The MIT Press, 2019.},
pages = {255-284},
keywords = {},
pubstate = {published},
tppubtype = {inbook}
}
Dobber, T.; Fahy, R.; Zuiderveen Borgesius, F.
The regulation of online political micro-targeting in Europe Journal Article
In: Internet Policy Review, vol. 8, no. 4, 2020.
@article{Dobber2020,
title = {The regulation of online political micro-targeting in Europe},
author = {Dobber, T. and Fahy, R. and Zuiderveen Borgesius, F.},
url = {https://policyreview.info/articles/analysis/regulation-online-political-micro-targeting-europe},
doi = {10.14763/2019.4.1440},
year = {2020},
date = {2020-01-16},
journal = {Internet Policy Review},
volume = {8},
number = {4},
abstract = {In this paper, we examine how online political micro-targeting is regulated in Europe. While there are no specific rules on such micro-targeting, there are general rules that apply. We focus on three fields of law: data protection law, freedom of expression, and sector-specific rules for political advertising; for the latter we examine four countries. We argue that the rules in the General Data Protection Regulation (GDPR) are necessary, but not sufficient. We show that political advertising, including online political micro-targeting, is protected by the right to freedom of expression. That right is not absolute, however. From a European human rights perspective, it is possible for lawmakers to limit the possibilities for political advertising. Indeed, some countries ban TV advertising for political parties during elections.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In this paper, we examine how online political micro-targeting is regulated in Europe. While there are no specific rules on such micro-targeting, there are general rules that apply. We focus on three fields of law: data protection law, freedom of expression, and sector-specific rules for political advertising; for the latter we examine four countries. We argue that the rules in the General Data Protection Regulation (GDPR) are necessary, but not sufficient. We show that political advertising, including online political micro-targeting, is protected by the right to freedom of expression. That right is not absolute, however. From a European human rights perspective, it is possible for lawmakers to limit the possibilities for political advertising. Indeed, some countries ban TV advertising for political parties during elections.
Ausloos, J.; Veale, M.; Mahieu, R.
In: JIPITEC, vol. 10, no. 3, 2019.
@article{Ausloos2020,
title = {Getting Data Subject Rights Right: A submission to the European Data Protection Board from international data rights academics, to inform regulatory guidance},
author = {Ausloos, J. and Veale, M. and Mahieu, R.},
url = {https://www.jipitec.eu/issues/jipitec-10-3-2019/5031},
year = {2019},
date = {2019-12-31},
journal = {JIPITEC},
volume = {10},
number = {3},
abstract = {We are a group of academics active in research and practice around data rights. We believe that the European Data Protection Board (EDPB) guidance on data rights currently under development is an important point to resolve a variety of tensions and grey areas which, if left unaddressed, may significantly undermine the fundamental right to data protection. All of us were present at the recent stakeholder event on data rights in Brussels on 4 November 2019, and it is in the context and spirit of stakeholder engagement that we have created this document to explore and provide recommendations and examples in this area. This document is based on comprehensive empirical evidence as well as CJEU case law, EDPB (and, previously, Article 29 Working Party) guidance and extensive scientific research into the scope, rationale, effects and general modalities of data rights.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
We are a group of academics active in research and practice around data rights. We believe that the European Data Protection Board (EDPB) guidance on data rights currently under development is an important point to resolve a variety of tensions and grey areas which, if left unaddressed, may significantly undermine the fundamental right to data protection. All of us were present at the recent stakeholder event on data rights in Brussels on 4 November 2019, and it is in the context and spirit of stakeholder engagement that we have created this document to explore and provide recommendations and examples in this area. This document is based on comprehensive empirical evidence as well as CJEU case law, EDPB (and, previously, Article 29 Working Party) guidance and extensive scientific research into the scope, rationale, effects and general modalities of data rights.
Giannopoulou, A.
Access and Reuse of Machine-Generated Data for Scientific Research Journal Article
In: Erasmus Law Review, no. 2, pp. 155-165, 2019.
@article{Giannopoulou2019bb,
title = {Access and Reuse of Machine-Generated Data for Scientific Research},
author = {Giannopoulou, A.},
url = {https://www.ivir.nl/publicaties/download/Erasmus_Law_Review_2019.pdf},
doi = {10.5553/ELR.000136},
year = {2019},
date = {2019-12-20},
journal = {Erasmus Law Review},
number = {2},
pages = {155-165},
abstract = {Data driven innovation holds the potential in transforming current business and knowledge discovery models. For this reason, data sharing has become one of the central points of interest for the European Commission towards the creation of a Digital Single Market. The value of automatically generated data, which are collected by Internet-connected objects (IoT), is increasing: from smart houses to wearables, machine-generated data hold significant potential for growth, learning, and problem solving. Facilitating researchers in order to provide access to these types of data implies not only the articulation of existing legal obstacles and of proposed legal solutions but also the understanding of the incentives that motivate the sharing of the data in question. What are the legal tools that researchers can use to gain
access and reuse rights in the context of their research?},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Data driven innovation holds the potential in transforming current business and knowledge discovery models. For this reason, data sharing has become one of the central points of interest for the European Commission towards the creation of a Digital Single Market. The value of automatically generated data, which are collected by Internet-connected objects (IoT), is increasing: from smart houses to wearables, machine-generated data hold significant potential for growth, learning, and problem solving. Facilitating researchers in order to provide access to these types of data implies not only the articulation of existing legal obstacles and of proposed legal solutions but also the understanding of the incentives that motivate the sharing of the data in question. What are the legal tools that researchers can use to gain
access and reuse rights in the context of their research?
access and reuse rights in the context of their research?
Fahy, R.; van Hoboken, J.
European Regulation of Smartphone Ecosystems Journal Article
In: European Data Protection Law Review (EDPL), vol. 5, no. 4, pp. 476-491, 2019.
@article{Fahy2019eb,
title = {European Regulation of Smartphone Ecosystems},
author = {Fahy, R. and van Hoboken, J.},
url = {https://edpl.lexxion.eu/article/EDPL/2019/4/6},
doi = {https://doi.org/10.21552/edpl/2019/4/6},
year = {2019},
date = {2019-12-13},
journal = {European Data Protection Law Review (EDPL)},
volume = {5},
number = {4},
pages = {476-491},
abstract = {For the first time, two pieces of EU legislation will specifically target smartphone ecosystems in relation to smartphone and mobile software (eg, iOS and Android) privacy, and use and monetisation of data. And yet, both pieces of legislation approach data use and data monetisation from radically contrasting perspectives. The first is the proposed ePrivacy Regulation, which seeks to provide enhanced protection against user data monitoring and tracking in smartphones, and safeguard privacy in electronic communications. On the other hand, the recently enacted Platform-to-Business Regulation 2019, seeks to bring fairness to platform-business user relations (including app stores and app developers), and is crucially built upon the premise that the ability to access and use data, including personal data, can enable important value creation in the online platform economy. This article discusses how these two Regulations will apply to smartphone ecosystems, especially relating to user and device privacy. The article analyses the potential tension points between the two sets of rules, which result from the underlying policy objectives of safeguarding privacy in electronic communications and the functioning of the digital economy in the emerging era of platform governance. The article concludes with a discussion on how to address these issues, at the intersection of privacy and competition in the digital platform economy.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
For the first time, two pieces of EU legislation will specifically target smartphone ecosystems in relation to smartphone and mobile software (eg, iOS and Android) privacy, and use and monetisation of data. And yet, both pieces of legislation approach data use and data monetisation from radically contrasting perspectives. The first is the proposed ePrivacy Regulation, which seeks to provide enhanced protection against user data monitoring and tracking in smartphones, and safeguard privacy in electronic communications. On the other hand, the recently enacted Platform-to-Business Regulation 2019, seeks to bring fairness to platform-business user relations (including app stores and app developers), and is crucially built upon the premise that the ability to access and use data, including personal data, can enable important value creation in the online platform economy. This article discusses how these two Regulations will apply to smartphone ecosystems, especially relating to user and device privacy. The article analyses the potential tension points between the two sets of rules, which result from the underlying policy objectives of safeguarding privacy in electronic communications and the functioning of the digital economy in the emerging era of platform governance. The article concludes with a discussion on how to address these issues, at the intersection of privacy and competition in the digital platform economy.
Fondazione Giacomo Brodolini; Irion, K.
Fundamental rights review of EU data collection instruments and programmes Online
2019, (Final report).
@online{Brodolini2019,
title = {Fundamental rights review of EU data collection instruments and programmes},
author = {Fondazione Giacomo Brodolini and Irion, K. },
url = {http://www.fondazionebrodolini.it/sites/default/files/final_report_0.pdf},
year = {2019},
date = {2019-12-04},
abstract = {This report is the result of a Pilot Project requested by the European Parliament, managed by the Commission and carried out by a group of independent experts. The scope of the project was to establish and support an independent experts’ group to carry out a fundamental rights review of existing EU legislation and instruments in the Area of Freedom, Security and Justice (AFSJ) that involve the collection, retention, storage or transfer of personal data. One outcome of the project is a database of AFSJ legislation and instruments with individual fundamental rights assessments (at http://brodolini.mbs.it/). The final report concludes that that fundamental rights safeguards need to be more consistently considered and applied in the AFSJ. The conclusions highlight five broad issues for further consideration: ambiguous definitions and open terms; law enforcement access to migration databases; the expansion of centralised databases; data retention periods; and information rights and duties.},
note = {Final report},
keywords = {},
pubstate = {published},
tppubtype = {online}
}
This report is the result of a Pilot Project requested by the European Parliament, managed by the Commission and carried out by a group of independent experts. The scope of the project was to establish and support an independent experts’ group to carry out a fundamental rights review of existing EU legislation and instruments in the Area of Freedom, Security and Justice (AFSJ) that involve the collection, retention, storage or transfer of personal data. One outcome of the project is a database of AFSJ legislation and instruments with individual fundamental rights assessments (at http://brodolini.mbs.it/). The final report concludes that that fundamental rights safeguards need to be more consistently considered and applied in the AFSJ. The conclusions highlight five broad issues for further consideration: ambiguous definitions and open terms; law enforcement access to migration databases; the expansion of centralised databases; data retention periods; and information rights and duties.
van Daalen, O.
Justitie toegang geven tot versleutelde chatberichten is geen goed idee Journal Article
In: Trouw, 2019, (Opinie).
@article{vanDaalen2019b,
title = {Justitie toegang geven tot versleutelde chatberichten is geen goed idee},
author = {van Daalen, O.},
url = {https://www.trouw.nl/opinie/justitie-toegang-geven-tot-versleutelde-chatberichten-is-geen-goed-idee~bd398447/},
year = {2019},
date = {2019-11-08},
journal = {Trouw},
note = {Opinie},
keywords = {},
pubstate = {published},
tppubtype = {article}
}