The rapid development of information technology has exacerbated the need for robust personal data protection, the right to which is safeguarded by both European Union (EU) and Council of Europe (CoE) instruments. Safeguarding this important right entails new and significant challenges as technological advances expand the frontiers of areas such as surveillance, communication interception and data storage. This handbook is designed to familiarise legal practitioners not specialised in data protection with this emerging area of the law. It provides an overview of the EU’s and the CoE’s applicable legal frameworks. It also explains key case law, summarising major rulings of both the Court of Justice of the European Union and the European Court of Human Rights. In addition, it presents hypothetical scenarios that serve as practical illustrations of the diverse issues encountered in this ever-evolving field.
GDPR: Personal Data Protection in the European Union Mariusz Krzysztofek Personal data protection has become one of the central issues in any understanding of the current world system. In this connection, the European Union (EU) has created the most sophisticated regime currently in force with the General Data Protection Regulation (GDPR) (EU) 2016/679. Following the GDPR’s recent reform – the most extensive since the first EU laws in this area were adopted and implemented into the legal orders of the Member States – this book offers a comprehensive discussion of all principles of personal data processing, obligations of data controllers, and rights of data subjects, providing a thorough, up-to-date account of the legal and practical aspects of personal data protection in the EU. Coverage includes the recent Court of Justice of the European Union (CJEU) judgment on data transfers and new or updated data protection authorities’ guidelines in the EU Member States. Among the broad spectrum of aspects of the subject covered are the following: – right to privacy judgments of the CJEU and the European Court of Human Rights; – scope of the GDPR and its key definitions, key principles of personal data processing; – legal bases for the processing of personal data; – direct and digital marketing, cookies, and online behavioural advertising; – processing of personal data of employees; – sensitive data and criminal records; – information obligation & privacy notices; – data subjects rights; – data controller, joint controllers, and processors; – data protection by design and by default, data security measures, risk-based approach, records of personal data processing activities, notification of a personal data breach to the supervisory authority and communication to the data subject, data protection impact assessment, codes of conduct and certification; – Data Protection Officer; – transfers of personal data to non-EU/EEA countries; and – privacy in the Internet and surveillance age. Because the global scale and evolution of information technologies have changed the data processing environment and brought new challenges, and because many non-EU jurisdictions have adopted equivalent regimes or largely analogous regulations, the book will be of great usefulness worldwide. Multinational corporations and their customers and contractors will benefit enormously from consulting and using this book, especially in conducting case law, guidelines and best practices formulated by European data protection authorities. For lawyers and academics researching or advising clients on this area, this book provides an indispensable source of practical guidance and information for many years to come.
Although Europe has a significant legal data protection framework, built up around EU Directive 95/46/EC and the Charter of Fundamental Rights, the question of whether data protection and its legal framework are ‘in good health’ is increasingly being posed. Advanced technologies raise fundamental issues regarding key concepts of data protection. Falling storage prices, increasing chips performance, the fact that technology is becoming increasingly embedded and ubiquitous, the convergence of technologies and other technological developments are broadening the scope and possibilities of applications rapidly. Society however, is also changing, affecting the privacy and data protection landscape. The ‘demand’ for free services, security, convenience, governance, etc, changes the mindsets of all the stakeholders involved. Privacy is being proclaimed dead or at least worthy of dying by the captains of industry; governments and policy makers are having to manoeuvre between competing and incompatible aims; and citizens and customers are considered to be indifferent. In the year in which the plans for the revision of the Data Protection Directive will be revealed, the current volume brings together a number of chapters highlighting issues, describing and discussing practices, and offering conceptual analysis of core concepts within the domain of privacy and data protection. The book’s first part focuses on surveillance, profiling and prediction; the second on regulation, enforcement, and security; and the third on some of the fundamental concepts in the area of privacy and data protection. Reading the various chapters it appears that the ‘patient’ needs to be cured of quite some weak spots, illnesses and malformations. European data protection is at a turning point and the new challenges are not only accentuating the existing flaws and the anticipated difficulties, but also, more positively, the merits and the need for strong and accurate data protection practices and rules in Europe, and elsewhere.
The new edition of this acclaimed book has been expanded to give a fully updated overview of European data protection law, with a focus on data protection compliance issues affecting companies, and incorporating the important legal developments which have taken place since the last edition was published. These include the first three cases of the European Court of Justice interpreting the EU Data Protection Directive (95/46); accession of new Member States to the EU; the new Data Retention Directive; new developments on international data transfers, such as model contracts and binding corporate rules; and conflicts between US security requirements and EU data protection law. The book provides pragmatic guidance for companies faced with data protection compliance issues. It includes extensive appendices, such as texts of the relevant directives, model contracts, and overviews of Member State implementations.
Today, consent is a fundamental concept in the European legal framework on data protection. The analysis of the historical and theoretical context carried out in this book reveals that consent was not an intrinsic notion in the birth of data protection. The concept of consent was included in data protection legislation in order to enhance the role of the data subject in the data protection arena, and to allow the data subject to have more control over the collection and processing of his/her personal information. This book examines the concept of consent and its requirements in the Data Protection Directive, taking into account contemporary considerations on bioethics and medical ethics, as well as recent developments in the framework of the review of the Directive. It further studies issues of consent in electronic communications, carrying out an analysis of the consent-related provisions of the ePrivacy Directive.
Nearly two decades after the EU first enacted data protection rules, key questions about the nature and scope of this EU policy, and the harms it seeks to prevent, remain unanswered. The inclusion of a Right to Data Protection in the EU Charter has increased the salience of these questions, which must be addressed in order to ensure the legitimacy, effectiveness and development of this Charter right and the EU data protection regime more generally. The Foundations of EU Data Protection Law is a timely and important work which sheds new light on this neglected area of law, challenging the widespread assumption that data protection is merely a subset of the right to privacy. By positioning EU data protection law within a comprehensive conceptual framework, it argues that data protection has evolved from a regulatory instrument into a fundamental right in the EU legal order and that this right grants individuals more control over more forms of data than the right to privacy. It suggests that this dimension of the right to data protection should be explicitly recognized, while identifying the practical and conceptual limits of individual control over personal data. At a time when EU data protection law is sitting firmly in the international spotlight, this book offers academics, policy-makers, and practitioners a coherent vision for the future of this key policy and fundamental right in the EU legal order, and how best to realize it.
This open access book comprehensively covers the fundamentals of clinical data science, focusing on data collection, modelling and clinical applications. Topics covered in the first section on data collection include: data sources, data at scale (big data), data stewardship (FAIR data) and related privacy concerns. Aspects of predictive modelling using techniques such as classification, regression or clustering, and prediction model validation will be covered in the second section. The third section covers aspects of (mobile) clinical decision support systems, operational excellence and value-based healthcare. Fundamentals of Clinical Data Science is an essential resource for healthcare professionals and IT consultants intending to develop and refine their skills in personalized medicine, using solutions based on large datasets from electronic health records or telemonitoring programmes. The book’s promise is “no math, no code”and will explain the topics in a style that is optimized for a healthcare audience.
EU data protection law is of great practical relevance for any company doing business in today's global information economy. This book provides a detailed and practical exposition of European data protection law in the context of the issues that arise in electronic commerce and dataprocessing. It analyses the relevant EU legislation and case-law, and makes particular reference to the EU Data Protection Directives as well as to the national regulatory systems in Europe and the US. Numerous examples are taken from practice, and advice is given on how the relevant data protectionlaws apply to and impact upon business in Europe, the US, and worldwide. Beginning with a detailed description of the legislative process, the book goes on to discuss the basic legal concepts underlying data protection law. It then focuses on how to determine whether EU law applies to particular electronic commerce and online activities, and how to transfer personal dataoutside Europe so as to comply with EU law. The book also includes a comprehensive analysis of how to deal with complex compliance challenges, including notification of databases, processing of employee data, privacy policies, and website compliance and standardization. The key legislative texts needed to deal with complex data protection issues are included in the appendices, along with forms and precedents, contact information for data protection authorities, and links to useful websites. The book is fully up-to-date with the amendments to the TelecommunicationsData Protection Directive passed in the summer of 2002.
This book explores the coming into being in European Union (EU) law of the fundamental right to personal data protection. Approaching legal evolution through the lens of law as text, it unearths the steps that led to the emergence of this new right. It throws light on the right’s significance, and reveals the intricacies of its relationship with privacy. The right to personal data protection is now officially recognised as an EU fundamental right. As such, it is expected to play a critical role in the future European personal data protection legal landscape, seemingly displacing the right to privacy. This volume is based on the premise that an accurate understanding of the right’s emergence is crucial to ensure its correct interpretation and development. Key questions addressed include: How did the new right surface in EU law? How could the EU Charter of Fundamental Rights claim to render ‘more visible’ an invisible right? And how did EU law allow for the creation of a new right while ensuring consistency with existing legal instruments and case law? The book first investigates the roots of personal data protection, studying the redefinition of privacy in the United States in the 1960s, as well as pioneering developments in European countries and in international organisations. It then analyses the EU’s involvement since the 1970s up to the introduction of legislative proposals in 2012. It grants particular attention to changes triggered in law by language and, specifically, by the coexistence of languages and legal systems that determine meaning in EU law. Embracing simultaneously EU law’s multilingualism and the challenging notion of the untranslatability of words, this work opens up an inspiring way of understanding legal change. This book will appeal to legal scholars, policy makers, legal practitioners, privacy and personal data protection activists, and philosophers of law, as well as, more generally, anyone interested in how law works.
