Weiter zum Inhalt

Die Suche erzielte 34 Treffer.



The Data-Laundromat? Journal Artikel open-access

Public-Private-Partnerships and Publicly Available Data in the Area of Law Enforcement

Thilo Gottschalk

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 1, Seite 21 - 40

Law enforcement increasingly relies on complex machine learning approaches to support investigations. With limited knowledge and funding LEAs often depend on opaque private-public collaborations. Failure to provide legal bases on the national level paired with shortcomings both in the GDPR and Directive EU-2016/680 (LED) result in severe risks for fundamental rights of EU citizens. To overcome these risks an interdisciplinary discussion is required. This paper hence sheds light on technical challenges and misconceptions as well as legal shortcomings to foster a common understanding of the challenges to find out how they might be addressed. To do so, the author searches for common ground of ‘public availability’ and reviews currently used technical approaches and common processing constellations. Based on the outcomes, the author proposes a change in the LED and discusses a centralised institution to govern access to novel data driven technology. Keywords: law enforcement; public-private partnership; data protection; GDPR; LED


Shortcomings of the Passenger Name Record Directive in Light of Opinion 1/15 of the Court of Justice of the European Union Journal Artikel

Sara Roda

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 1, Seite 66 - 83

By 25 May 2020, the European Commission is obliged to conduct a full review of the Passenger Name Record (PNR) Directive and provide a comprehensive report to the European Parliament and the Council on seven key aspects of the said Directive. These range from an assessment of the necessity and proportionality for collecting and processing PNR data in relation to each of the Directive’s purposes, to the length of the data retention period, and even the effectiveness of exchanging information among Member States, including statistical information on the number of passengers whose PNR data has been collected, exchanged or identified for further examination. The review could lead the European Commission to present a legislative proposal to amend the PNR Directive which could either reinforce, maintain or dilute the EU PNR system. More recently, two not-for-profit associations have legally challenged the national PNR schemes based on the PNR Directive. This paper questions the validity of certain provisions of the Directive in light of Opinion 1/15 of the Court of Justice of the European Union of 26 July 2017 concerning the EU-Canada PNR Agreement. It also calls on the European Commission, as guardian of the EU Treaties and of EU law, to conform the PNR Directive to the Luxembourg Court case-law on mass data retention schemes, taking advantage of the review momentum. Keywords: CJEU; Opinion 1/15; Directive 2016/681; data protection; PNR; law enforcement; data retention; Articles 7 and 8 of the Charter of Fundamental Rights



Certification in Data Protection: New and Old Issues Concerning Certifiers’ Liabilities Journal Artikel

Anna Rita Popoli

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 3, Seite 390 - 406

The article examines the various forms of liabilities that accredited certification bodies may incur in operating in the field of data protection, while also trying to offer some suggestions to improve the harmonisation in the pathological phase of litigation in certification mechanisms. Keywords: GDPR, Data Protection, Certification, Contractual Liability, Tort Liability, ADR/ODR


Data Protection or Data Frustration? Individual Perceptions and Attitudes Towards the GDPR Journal Artikel

Joanna Strycharz, Jef Ausloos, Natali Helberger

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 3, Seite 407 - 421

Strengthening individual rights, enhancing control over one’s data and raising awareness were among the main aims the European Commission set for the General Data Protection Regulation (GDPR). In order to assess whether these aims have been met, research into individual perceptions, awareness, and understanding of the Regulation is necessary. This study thus examines individual reactions to the GDPR in order to provide insights into user agency in relation to the Regulation. More specifically, it discusses empirical data (survey with N = 1288) on individual knowledge of, reactions to, and rights exercised under the GDPR in the Netherlands. The results show high awareness of the GDPR and knowledge of individual rights. At the same time, the Dutch show substantial reactance to the Regulation and doubt the effectiveness of their individual rights. These findings point to several issues obstructing the GDPR’s effectiveness, and constitute useful signposts for policy-makers and enforcement agencies to prioritise their strategies in achieving the original aims of the Regulation. Keywords: General Data Protection Regulation, Individual Perceptions, Reactance to Law, User Agency, User Empowerment


Data Protection Authorities and their Awareness-raising Duties under the GDPR: The Case for Engaging Umbrella Organisations to Disseminate Guidance for Small and Medium-size Enterprises Journal Artikel open-access

Leanne Cochrane, Lina Jasmontaite-Zaniewicz, David Barnard-Wills

European Data Protection Law Review, Jahrgang 6 (2020), Ausgabe 3, Seite 352 - 364

In this paper we explore EU data protection authorities’ (DPAs) role as leaders and educators, particularly in relation to awareness-raising efforts with Small and Medium-sized Enterprises (SMEs). The GDPR made awareness raising duties of DPAs explicit whilst SMEs face challenges complying with data protection law. We posit that DPAS should make better strategic use of collaboration with SME Associations as intermediaries to better access and understand the needs of SMEs. This collaboration could facilitate dissemination of guidance and information addressed to SMEs. It could also help to overcome concerns expressed by SME representatives about the existing guidance provided by DPAs as being overly generic, focused on legal theory, and in some states arriving too late for implementation. We suggest that by working together SME Associations and DPAs could increase their own working efficiency as well as the one of SMEs. We build our arguments on the findings of an online survey of 52-60 SMEs representatives and semi-structured qualitative interviews with 18 DPAs, 22 SME Association representatives and 11 SME representatives. Keywords: Awareness Raising, Compliance, Data Protection Authorities, Deterrence, Enforcement Strategies, General Data Protection Regulation


Tort and Data Protection Law: Journal Artikel

Are There Any Lessons to Be Learnt?

Leon Trakman, Robert Walters, Bruno Zeller

European Data Protection Law Review, Jahrgang 5 (2019), Ausgabe 4, Seite 500 - 519

The development and evolution of data protection law is not fully realised. One challenge that has emerged is the recognition of a tort for violating a person’s personal information contrary to data protection law. The issue is that courts have found it difficult to determine and assess the harm caused to the data subject. The courts in the United Kingdom (UK) and Canada have recently developed a tort for infringing privacy in personal data. What has emerged is that courts in those two countries have begun to establish some key principles to underpin a tort violating privacy, by providing guidance on measuring the ensuing harm. That tort is also developing in the United States. This article argues that other common law jurisdictions, notably Australia, should consider going down the same pathway, by establishing a privacy tort over the Internet. Such a tort in data protection will provide a higher level of control to data subjects over their personal data and deter entities from misusing that data. However, that tort may fail to protect data subjects from the misuse of their personal data if the law requires harm to eventuate, as is required by the tradition tort of privacy. This must be considered with caution because, unlike traditional notions of a tort in privacy, a privacy violation of over the Internet may take weeks, months or years to identify. Contrarily, tort law has been effective in reducing and deterring negligence in privacy related cases, strengthening the rationale for a tort in personal data over the Internet. Keywords: Australia, Data Protection, European Union, Personal Data, Tort, United Kingdom


Challenging the EU's ‘Right to Be Forgotten’? Society's ‘Right to Know’ in Japan Journal Artikel

Frederike Zufall

European Data Protection Law Review, Jahrgang 5 (2019), Ausgabe 1, Seite 17 - 25

This article asks the extent to which the concept of the ‘right to be forgotten’ has been received by Japanese law – or whether, to the contrary, Japan is challenging the EU's concept. In a 2017 judgment, the Japanese Supreme Court rejected a request for injunctive relief to delete search results from the search engine Google. The decisive argument focused on the public interest around the facts concerned: a crime committed by the applicant several years earlier. The court did not just award the right to freedom of expression to Google, but centred its decision on society's right to know – thereby putting society's interest before that of the individual. In the light of the pending adoption of the EU-Japan adequacy decision, this divergence from the EU concept raises doubts as to whether 'adequacy' can be achieved between legal systems founded on cultural differences. Can we still afford to base our legal regimes on different social consciousness in the era of a borderless Internet? Keywords: Data Protection Law, Japan, Right to Be Forgotten, Adequacy Decision


Aktuelle Ausgabe