Skip to content

The search returned 20 results.

The Data-Laundromat? journal article open-access

Public-Private-Partnerships and Publicly Available Data in the Area of Law Enforcement

Thilo Gottschalk

European Data Protection Law Review, Volume 6 (2020), Issue 1, Page 21 - 40

Law enforcement increasingly relies on complex machine learning approaches to support investigations. With limited knowledge and funding LEAs often depend on opaque private-public collaborations. Failure to provide legal bases on the national level paired with shortcomings both in the GDPR and Directive EU-2016/680 (LED) result in severe risks for fundamental rights of EU citizens. To overcome these risks an interdisciplinary discussion is required. This paper hence sheds light on technical challenges and misconceptions as well as legal shortcomings to foster a common understanding of the challenges to find out how they might be addressed. To do so, the author searches for common ground of ‘public availability’ and reviews currently used technical approaches and common processing constellations. Based on the outcomes, the author proposes a change in the LED and discusses a centralised institution to govern access to novel data driven technology. Keywords: law enforcement; public-private partnership; data protection; GDPR; LED

Shortcomings of the Passenger Name Record Directive in Light of Opinion 1/15 of the Court of Justice of the European Union journal article

Sara Roda

European Data Protection Law Review, Volume 6 (2020), Issue 1, Page 66 - 83

By 25 May 2020, the European Commission is obliged to conduct a full review of the Passenger Name Record (PNR) Directive and provide a comprehensive report to the European Parliament and the Council on seven key aspects of the said Directive. These range from an assessment of the necessity and proportionality for collecting and processing PNR data in relation to each of the Directive’s purposes, to the length of the data retention period, and even the effectiveness of exchanging information among Member States, including statistical information on the number of passengers whose PNR data has been collected, exchanged or identified for further examination. The review could lead the European Commission to present a legislative proposal to amend the PNR Directive which could either reinforce, maintain or dilute the EU PNR system. More recently, two not-for-profit associations have legally challenged the national PNR schemes based on the PNR Directive. This paper questions the validity of certain provisions of the Directive in light of Opinion 1/15 of the Court of Justice of the European Union of 26 July 2017 concerning the EU-Canada PNR Agreement. It also calls on the European Commission, as guardian of the EU Treaties and of EU law, to conform the PNR Directive to the Luxembourg Court case-law on mass data retention schemes, taking advantage of the review momentum. Keywords: CJEU; Opinion 1/15; Directive 2016/681; data protection; PNR; law enforcement; data retention; Articles 7 and 8 of the Charter of Fundamental Rights

Immigration Exemption and the European Convention on Human Rights journal article

Matthew White

European Data Protection Law Review, Volume 5 (2019), Issue 1, Page 26 - 42

The European Union has introduced the General Data Protection Regulation to reform and update data protection laws across Member States. To comply, the United Kingdom has introduced the Data Protection Act 2018. This article focuses on one schedule of the new Act, a data protection exemption for effective immigration control purposes. Considering that the UK Parliament has not implemented the Charter of Fundamental Rights into domestic law post-Brexit, it is therefore necessary to consider this exemption under the European Convention on Human Rights. Recital 73 of the Regulation requires any restrictions on the protection of personal data to be compatible with the Convention. In concluding that the exemption is incompatible with the Convention, this will highlight that not only would the UK be failing their existing human rights obligations but also raises concerns about the UK’s adequacy status as a third country post-Brexit. Keywords: Immigration, Exemptions, Article 8 ECHR, Effective Remedy, Discrimination

Challenging the EU's ‘Right to Be Forgotten’? Society's ‘Right to Know’ in Japan journal article

Frederike Zufall

European Data Protection Law Review, Volume 5 (2019), Issue 1, Page 17 - 25

This article asks the extent to which the concept of the ‘right to be forgotten’ has been received by Japanese law – or whether, to the contrary, Japan is challenging the EU's concept. In a 2017 judgment, the Japanese Supreme Court rejected a request for injunctive relief to delete search results from the search engine Google. The decisive argument focused on the public interest around the facts concerned: a crime committed by the applicant several years earlier. The court did not just award the right to freedom of expression to Google, but centred its decision on society's right to know – thereby putting society's interest before that of the individual. In the light of the pending adoption of the EU-Japan adequacy decision, this divergence from the EU concept raises doubts as to whether 'adequacy' can be achieved between legal systems founded on cultural differences. Can we still afford to base our legal regimes on different social consciousness in the era of a borderless Internet? Keywords: Data Protection Law, Japan, Right to Be Forgotten, Adequacy Decision

The Protection of Data Concerning Health in Europe journal article

Trix Mulder

European Data Protection Law Review, Volume 5 (2019), Issue 2, Page 209 - 220

More and more, medical practitioners use modern technologies such as apps and wearables in their treatment plan. The GDPR defines these kinds of data as ‘data concerning health’. However, also the term ‘medical data’ is being used. Furthermore, the Council of Europe uses terms such as ‘personal health data’ and ‘medical welfare data’. Using all these different terms makes it difficult to understand what is protected by these terms and what is not. This article gives an historical overview of the evolution of the protection of data concerning health, which also leads to a discussion on the current broad definition and offers possible solutions for the use of (the term) ‘data concerning health’. Keywords: Data Concerning Health, GDPR, Data Protection, Council of Europe

Legal Issues in Regulating Observational Studies: journal article

The impact of the GDPR on Italian Biomedical Research

Paola Aurucci

European Data Protection Law Review, Volume 5 (2019), Issue 2, Page 197 - 208

This article aims to show the legal challenges rising from the use, reuse, linkage and analysis of sensitive data in observational studies. In order to spell out these challenges and a possible way of meeting them, the first section takes into account the distinctive nature of retrospective observational studies and Big Data anal. The second section shows how the General Data Protection Regulation faces the challenge of maximising the opportunities arising from these studies while protecting the privacy of individual patients through research exemptions. The last section focuses on the Italian data protection regime to show why delegation of powers back to the national legal systems of the Member States entails a number of critical drawbacks, like hampering the progress of medical research. Keywords: GDPR, Data Protection, Medical Research, Sensitive Data

Peter Nowak v Data Protection Commissioner: journal article

Potential Aftermaths Regarding Subjective Annotations in Clinical Records

Daniel Jove

European Data Protection Law Review, Volume 5 (2019), Issue 2, Page 175 - 183

On 20 December 2017 the European Court of Justice gave its judgment on the Nowak case. This ruling addresses the potential application of the General Data Protection Regulation (GDPR) to the answers and subjective comments of the examiner. The classification of this data as personal data entails, for the candidate, the possibility of using their rights of access, rectification and objection. This study analyses the Nowak ruling and reflects on the possibility of extrapolating the doctrine which it establishes to other areas. The spotlight is placed specifically on subjective comments in a medical history. The nature of this information is analysed in order to establish whether it is the patient’s personal data and also if limiting the right to access this information is compatible with the GDPR. Keywords: Data Protection, Subjective Annotations, Clinical Record, GDPR, General Data Protection Regulation, European Court of Justice

Assessing the Legal and Ethical Impact of Data Reuse: journal article

Developing a Tool for Data Reuse Impact Assessments (DRIA)

Bart Custers, Helena U Vrabec, Michael Friedewald

European Data Protection Law Review, Volume 5 (2019), Issue 3, Page 317 - 337

In the data economy, many organisations, particularly SMEs may not be in a position to generate large amounts of data themselves, but may benefit from reusing data previously collected by others. Organisations that collect large amounts of data themselves may also benefit from reusing such data for other purposes than originally envisioned. However, under the current EU personal data protection legal framework, constituted by the General Data Protection Regulation, there are clear limits and restrictions to the reuse of personal data. Data can only be reused for purposes that are compatible with the original purposes for which the data were collected and processed. This is at odds with the reality of the data economy, in which there is a considerable need for data reuse. To address this issue, in this article we present the concept of a Data Reuse Impact Assessment (DRIA), which can be considered as an extension to existing Privacy and Data Protection Impact Assessments (PIAs and DPIAs). By adding new elements to these existing tools that specifically focus on the reuse of data and aspects regarding data ethics, a DRIA may typically be helpful to strike a better balance between the protection of personal data that is being reused and the need for data reuse in the data economy. Using a DRIA may contribute to increased trust among data subjects that their personal data is adequately protected. Data subjects, in turn, may then be willing to share more data, which on the long term may also be beneficial for the data economy. Keywords: Data Reuse, Data Protection, Privacy, Data Protection Impact Assessments, Privacy Impact Assessments