Eva Lievens, Valerie Verdoodt

European Data Protection Law Review, Volume 9 (2023), Issue 4, Page 472 - 481

Paul M. Schwartz, Anupam Chander

European Data Protection Law Review, Volume 9 (2023), Issue 3, Page 296 - 304

The next decade will see increasing conflict between data privacy laws and international trade law. Governments are already concerned that privacy will be lost amid global data flows and have responded by enacting regulatory measures that might impede modern trade. While the European Union’s findings of ‘adequacy’ offer a potentially trade-friendly solution to cross-border data flows, fewer than a dozen countries have been found adequate. In addition, more than sixty countries have enacted laws where they too evaluate the adequacy of foreign privacy laws. This splintering of data privacy law complicates global trade as more nations review and potentially restrict outbound data flows. New solutions are needed to ensure the benefits of trade while safeguarding privacy. This paper argues that a broad international agreement is needed that sets minimum standards, develops common regulatory language, and creates binding commitments in the context of data privacy and trade law. Keywords: trade law, data protection law, World Trade Organization, adequacy finding, General Agreement on Trade in Services (GATS)

Dara Hallinan

European Data Protection Law Review, Volume 9 (2023), Issue 3, Page 311 - 332

This article aims to introduce and describe a concept depicting a specific and novel form of constitutional right, to offer a basic theoretical proposition on – theory of – EU data protection law on the basis of this concept, and to demonstrate the theoretical worth and practical utility of this proposition. In this regard, the article introduces and describes the concept of the interface right – a specific and novel form of constitutional right which essentially functions to mitigate the consequences of uncertainty, brought about by change in social context, for the functionality of a set of substantive constitutional rights, by providing a legal infrastructure which ensures a reflexive relationship between the order of substantive rights and social context. Building on this concept, the article then offers, and demonstrates the theoretical worth of, the following basic theoretical proposition on – theory of – EU data protection law: the right to data protection can be considered as an interface right, and secondary EU data protection law represents the unfolding of this underlying interface right.To demonstrate the practical utility of the basic theoretical proposition, the article then takes four significant issues in EU data protection law and shows how analysis of these issues through the perspective of the proposition can lead to novel insights and novel lines of enquiry. These issues include: i) the values served by the right to data protection; ii) norm creation in Data Protection Impact Assessments; iii) the legal status of guidance from the European Data Protection Board; and iv) the relationship between EU data protection law and medical research ethics. The article concludes with a consideration of certain significant objections which might be put forward against the concepts and propositions offered. Keywords: theory, data protection, interface right, complexity, uncertainty

Anna Rita Popoli

European Data Protection Law Review, Volume 6 (2020), Issue 3, Page 390 - 406

The article examines the various forms of liabilities that accredited certification bodies may incur in operating in the field of data protection, while also trying to offer some suggestions to improve the harmonisation in the pathological phase of litigation in certification mechanisms. Keywords: GDPR, Data Protection, Certification, Contractual Liability, Tort Liability, ADR/ODR

Joanna Strycharz, Jef Ausloos, Natali Helberger

European Data Protection Law Review, Volume 6 (2020), Issue 3, Page 407 - 421

Strengthening individual rights, enhancing control over one’s data and raising awareness were among the main aims the European Commission set for the General Data Protection Regulation (GDPR). In order to assess whether these aims have been met, research into individual perceptions, awareness, and understanding of the Regulation is necessary. This study thus examines individual reactions to the GDPR in order to provide insights into user agency in relation to the Regulation. More specifically, it discusses empirical data (survey with N = 1288) on individual knowledge of, reactions to, and rights exercised under the GDPR in the Netherlands. The results show high awareness of the GDPR and knowledge of individual rights. At the same time, the Dutch show substantial reactance to the Regulation and doubt the effectiveness of their individual rights. These findings point to several issues obstructing the GDPR’s effectiveness, and constitute useful signposts for policy-makers and enforcement agencies to prioritise their strategies in achieving the original aims of the Regulation. Keywords: General Data Protection Regulation, Individual Perceptions, Reactance to Law, User Agency, User Empowerment

Leanne Cochrane, Lina Jasmontaite-Zaniewicz, David Barnard-Wills

European Data Protection Law Review, Volume 6 (2020), Issue 3, Page 352 - 364

In this paper we explore EU data protection authorities’ (DPAs) role as leaders and educators, particularly in relation to awareness-raising efforts with Small and Medium-sized Enterprises (SMEs). The GDPR made awareness raising duties of DPAs explicit whilst SMEs face challenges complying with data protection law. We posit that DPAS should make better strategic use of collaboration with SME Associations as intermediaries to better access and understand the needs of SMEs. This collaboration could facilitate dissemination of guidance and information addressed to SMEs. It could also help to overcome concerns expressed by SME representatives about the existing guidance provided by DPAs as being overly generic, focused on legal theory, and in some states arriving too late for implementation. We suggest that by working together SME Associations and DPAs could increase their own working efficiency as well as the one of SMEs. We build our arguments on the findings of an online survey of 52-60 SMEs representatives and semi-structured qualitative interviews with 18 DPAs, 22 SME Association representatives and 11 SME representatives. Keywords: Awareness Raising, Compliance, Data Protection Authorities, Deterrence, Enforcement Strategies, General Data Protection Regulation

Juraj Sajfert

European Data Protection Law Review, Volume 6 (2020), Issue 2, Page 281 - 288

Paloma Krõõt Tupay

European Data Protection Law Review, Volume 6 (2020), Issue 2, Page 294 - 300

Njomëza Zejnullahu

European Data Protection Law Review, Volume 6 (2020), Issue 2, Page 308 - 313

Christina Etteldorf

European Data Protection Law Review, Volume 6 (2020), Issue 2, Page 265 - 280