Juraj Sajfert

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 2, Seite 281 - 288

Paloma Krõõt Tupay

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 2, Seite 294 - 300

Christina Etteldorf

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 2, Seite 265 - 280

Anna Rita Popoli

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 3, Seite 390 - 406

The article examines the various forms of liabilities that accredited certification bodies may incur in operating in the field of data protection, while also trying to offer some suggestions to improve the harmonisation in the pathological phase of litigation in certification mechanisms. Keywords: GDPR, Data Protection, Certification, Contractual Liability, Tort Liability, ADR/ODR

Joanna Strycharz, Jef Ausloos, Natali Helberger

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 3, Seite 407 - 421

Strengthening individual rights, enhancing control over one’s data and raising awareness were among the main aims the European Commission set for the General Data Protection Regulation (GDPR). In order to assess whether these aims have been met, research into individual perceptions, awareness, and understanding of the Regulation is necessary. This study thus examines individual reactions to the GDPR in order to provide insights into user agency in relation to the Regulation. More specifically, it discusses empirical data (survey with N = 1288) on individual knowledge of, reactions to, and rights exercised under the GDPR in the Netherlands. The results show high awareness of the GDPR and knowledge of individual rights. At the same time, the Dutch show substantial reactance to the Regulation and doubt the effectiveness of their individual rights. These findings point to several issues obstructing the GDPR’s effectiveness, and constitute useful signposts for policy-makers and enforcement agencies to prioritise their strategies in achieving the original aims of the Regulation. Keywords: General Data Protection Regulation, Individual Perceptions, Reactance to Law, User Agency, User Empowerment

Leanne Cochrane, Lina Jasmontaite-Zaniewicz, David Barnard-Wills

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 3, Seite 352 - 364

In this paper we explore EU data protection authorities’ (DPAs) role as leaders and educators, particularly in relation to awareness-raising efforts with Small and Medium-sized Enterprises (SMEs). The GDPR made awareness raising duties of DPAs explicit whilst SMEs face challenges complying with data protection law. We posit that DPAS should make better strategic use of collaboration with SME Associations as intermediaries to better access and understand the needs of SMEs. This collaboration could facilitate dissemination of guidance and information addressed to SMEs. It could also help to overcome concerns expressed by SME representatives about the existing guidance provided by DPAs as being overly generic, focused on legal theory, and in some states arriving too late for implementation. We suggest that by working together SME Associations and DPAs could increase their own working efficiency as well as the one of SMEs. We build our arguments on the findings of an online survey of 52-60 SMEs representatives and semi-structured qualitative interviews with 18 DPAs, 22 SME Association representatives and 11 SME representatives. Keywords: Awareness Raising, Compliance, Data Protection Authorities, Deterrence, Enforcement Strategies, General Data Protection Regulation

Paddy Leerssen, Barbara Giovanelli

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 1, Seite 158 - 163

Arvid Peix

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 1, Seite 128 - 132

Trix Mulder

European Data Protection Law Review, Jahrgang 5 (2019), Ausgabe 2, Seite 209 - 220

More and more, medical practitioners use modern technologies such as apps and wearables in their treatment plan. The GDPR defines these kinds of data as ‘data concerning health’. However, also the term ‘medical data’ is being used. Furthermore, the Council of Europe uses terms such as ‘personal health data’ and ‘medical welfare data’. Using all these different terms makes it difficult to understand what is protected by these terms and what is not. This article gives an historical overview of the evolution of the protection of data concerning health, which also leads to a discussion on the current broad definition and offers possible solutions for the use of (the term) ‘data concerning health’. Keywords: Data Concerning Health, GDPR, Data Protection, Council of Europe

Paola Aurucci

European Data Protection Law Review, Jahrgang 5 (2019), Ausgabe 2, Seite 197 - 208

This article aims to show the legal challenges rising from the use, reuse, linkage and analysis of sensitive data in observational studies. In order to spell out these challenges and a possible way of meeting them, the first section takes into account the distinctive nature of retrospective observational studies and Big Data anal. The second section shows how the General Data Protection Regulation faces the challenge of maximising the opportunities arising from these studies while protecting the privacy of individual patients through research exemptions. The last section focuses on the Italian data protection regime to show why delegation of powers back to the national legal systems of the Member States entails a number of critical drawbacks, like hampering the progress of medical research. Keywords: GDPR, Data Protection, Medical Research, Sensitive Data