-
Re-thinking the allocation of roles under the GDPR in the context of cloud computing Int. Data Priv. Law (IF 2.6) Pub Date : 2023-11-10 Cyril Fischer
• Cloud computing is a well-established and flourishing phenomenon, whose key activity on personal data is the storage thereof. This study analyses the allocation of the controller–processor roles under the General Data Protection Regulation (GDPR) to the cloud computing actors in the context of the storage of personal data. It examines the current controller–processor model and suggests a joint controllership
-
The constitutionality of the new Indian CERT-In VPN rules Int. Data Priv. Law (IF 2.6) Pub Date : 2023-07-24 Siddharth Chaturvedi, Himanshi Srivastava
This article examines the constitutionality of the Cyber Security Directions released by Computer Emergency Response Team India (CERT-In). The new guidelines issued by CERT-In, the nodal agency of the Ministry of Electronics and Information Technology, have been in the news in India due to concerns being raised by various companies and privacy watchdogs like the Internet Freedom Foundation that the
-
Fraud detection in motor insurance: privacy and data protection concerns under EU Law Int. Data Priv. Law (IF 2.6) Pub Date : 2022-04-01 Jeffrey Amankwah,Caroline Van Schoubroeck
Abstract This article focuses on the privacy and data protection concerns under European Union (EU) law with respect to the detection of insurance fraud in motor insurance. Insurance fraud—in the context of this article—encompasses all claims where an insured intends to deceive an insurer, aiming to direct payment towards a person who is not the intended recipient, or to procure payment to which the
-
The GDPR and unstructured data: is anonymization possible? Int. Data Priv. Law (IF 2.6) Pub Date : 2022-03-23 Emily M Weitzenboeck,Pierre Lison,Malgorzata Cyndecka,Malcolm Langford
-
Federico Fabbrini, Edoardo Celeste and John Quinn (eds), Data Protection Beyond Borders Int. Data Priv. Law (IF 2.6) Pub Date : 2022-03-11 Laura Drechsler
-
Carissa Véliz, Privacy Is Power: Why and How You Should Take Back Control of Your Data Int. Data Priv. Law (IF 2.6) Pub Date : 2022-03-09 Louise Wilsdon
-
The logical fallacies of the legal bases for data processing in and beyond clinical trials† Int. Data Priv. Law (IF 2.6) Pub Date : 2022-02-11 Pormeister K.
Key Points The European Data Protection Board's opinion on the interplay between the General Data Protection Regulation and the Clinical Trials Regulation (CTR) contains logical fallacies. The European Data Protection Board (EDPB) argues that consent is generally not an appropriate legal basis for the processing of personal data for primary research purposes in clinical trials due to a presumed imbalance
-
Artificial intelligence in health care: data protection concerns in Malaysia Int. Data Priv. Law (IF 2.6) Pub Date : 2022-02-09 Mohsin Dhali, Shafiqul Hassan, Sonny Zulhuda, Suzi Fadhilah Bt Ismail
• The application of artificial intelligence (AI) has transformed the existing notion of the health care system. The concept of AI is not new, but increasing computational power and big data, the Internet of Things, and advanced analytical power ushers in new opportunities to realize the full potential of AI. Recently, there has been an increased application of AI in the health care system, potentially
-
Quis custodiet ipsos custodes? Data protection in the judiciary in EU and EEA Member States Int. Data Priv. Law (IF 2.6) Pub Date : 2022-01-20 Custers B, Louis L, Spinelli M, et al.
Key Points Compliance with data protection legislation shall be subject to control by an independent authority, also for the judiciary. However, in order to safeguard the independence of the judiciary, both the General Data Protection Regulation and the Law Enforcement Directive explicitly state that national Data Protection Authorities are not competent to supervise courts ‘when acting in their judicial
-
Untrodden paths towards the right to privacy in the digital era under African human rights law Int. Data Priv. Law (IF 2.6) Pub Date : 2022-01-17 Yohannes Eneyew Ayalew
-
Complying with the GDPR when vulnerable people use smart devices Int. Data Priv. Law (IF 2.6) Pub Date : 2022-01-11 Stanislaw Piasecki, Jiahong Chen
• The number of smart home devices is increasing. They are used by vulnerable people regardless of whether they are designed specifically for them or for the general population (eg, smart door locks, smart alarms, or voice assistants). • This article focuses on children and inherently vulnerable adults, and analyses how to comply with the General Data Protection Regulation (GDPR) when the latter use
-
Revisiting the definition of health data in the age of digitalized health care Int. Data Priv. Law (IF 2.6) Pub Date : 2021-12-10 Werner Schäfke-Zell
-
Putting a price on data protection infringement Int. Data Priv. Law (IF 2.6) Pub Date : 2021-12-06 Mona Naomi Lintvedt
-
International Transfers: Johnson v Secretary of State for the Home Department [2020] and Diplomatic Missions Int. Data Priv. Law (IF 2.6) Pub Date : 2021-12-06 Claire E M Jervis
-
Nigeria’s data protection legal and institutional model: an overview Int. Data Priv. Law (IF 2.6) Pub Date : 2021-10-20 Olumide Babalola
Key Points In the past two decades, the unprecedented incursion of technology into the economic and socio-cultural activities in Nigeria increasingly posed many unanswered questions on data protection and privacy. Consequently, this led to the country’s numerous attempts to enact a principal data protection legislation in addition to the existing sectoral laws on the subject. Despite its ratification
-
On (some aspects of) social privacy in the social media space Int. Data Priv. Law (IF 2.6) Pub Date : 2021-10-20 Adrian Kuenzler
Key Points This commentary ties in with an emerging field in privacy scholarship that focuses on collective rather than individualistic viewpoints: recent debates address privacy in digital markets in terms of individual rights to choose between different options, such as between Facebook, Instagram, Snapchat, or Twitter, while users of digital platforms try to make sense of who they are and how they
-
Is that your final decision? Multi-stage profiling, selective effects, and Article 22 of the GDPR Int. Data Priv. Law (IF 2.6) Pub Date : 2021-10-20 Binns R, Veale M.
Engineering and Physical Sciences Research Council (EPSRC)EP/S035362/1Digital Charter Fellowship from the Alan Turing Institute and Department for Digital
-
Erratum to: Reflections on the murky legal practices of political micro-targeting from a GDPR perspective Int. Data Priv. Law (IF 2.6) Pub Date : 2021-10-14 Blasi Casagran C, Vermeulen M.
International Data Privacy Law 2021. doi: 10.1093/idpl/ipab018
-
EU data protection under the TCA: the UK adequacy decision and the twin GDPRs Int. Data Priv. Law (IF 2.6) Pub Date : 2021-10-12 Choromidou A.
Key Points The UK’s exit from the European Union redefined the relationship between the two of them, including with respect to data protection. It affected stakeholders operating in the area and caused uncertainty in the conduct of previously streamlined business practices and exchanges under the harmonized regime of the GDPR. This article examines the framework for personal data protection agreed
-
Geo-location technology: restricting access to online content without illegitimate extraterritorial effects Int. Data Priv. Law (IF 2.6) Pub Date : 2021-07-22 Quinn J.
Key Points Geo-location technology enables internet content providers to identify the location of users, allowing them to give effect to national laws which restrict access to content without needing to apply those laws in other jurisdictions. While geo-location technology can be circumvented, restricting access to online content is not an area of absolutes; the rights which justify restricting access
-
Cobwebs of control: the two imaginations of the data controller in EU law Int. Data Priv. Law (IF 2.6) Pub Date : 2021-08-21 Finck M.
Article 4(7) of the General Data Protection Regulation11 (‘GDPR’) defines the data controller as the natural or legal person that determines the purposes (the ‘why’) and the means (the ‘how’) of personal data processing.22 Article 24 provides that ‘[w]here two or more controllers jointly determine the purposes and means of processing, they shall be joint controllers’. These legislative definitions
-
Reflections on the murky legal practices of political micro-targeting from a GDPR perspective Int. Data Priv. Law (IF 2.6) Pub Date : 2021-08-20 Blasi Casagran C, Vermeulen M.
Key Points This article seeks to explore one of the recent controversial EU debates related to political micro-targeting (PMT): is the practice of PMT compliant with the EU’s General Data Protection Regulation (GDPR)? After examining the two most relevant ad targeting tools used for PMT, this article examines how PMT raises several questions related to (i) some of the principles listed in Article 5
-
Data protection and international organizations: a dialogue between EU law and international law Int. Data Priv. Law (IF 2.6) Pub Date : 2021-06-10 Peter Hustinx
Opening remarks given at the online conference on the GDPR and international organizations held on 26 February 2021:11
-
Problems with controller-based responsibility in EU data protection law Int. Data Priv. Law (IF 2.6) Pub Date : 2021-06-18 Wong B.
Key Points EU data protection law uses a ‘controller-based responsibility system’, wherein responsibility is primarily attributed to the ‘controller’ of the processing of personal data. This article argues that the EU’s controller-based responsibility system suffers from a number of problems, including problems arising from Court of Justice of the European Union (CJEU) case law, as well as problems
-
A certain standard of protection for international transfers of personal data under the GDPR Int. Data Priv. Law (IF 2.6) Pub Date : 2021-06-10 Gulczyńska Z.
Key Points The GDPR deploys various notions to describe the standard(s) of protection required for international transfers of personal data depending on the basis on which the transfer is carried out. However, in Schrems II the Court has established that one single standard of protection should be achieved for all types of transfers, namely the ‘essentially equivalent standard of protection’. This
-
Global applicability of the GDPR in context Int. Data Priv. Law (IF 2.6) Pub Date : 2021-06-02 Granmar CG.
Key Points In this article, the basic concepts determining the territorial scope of the General Data Protection Regulation (GDPR) are analysed in the context of constitutional EU law. Proposals made by the European Data Protection Board (EDPB) in the guidelines on Article 3 of the GDPR are critically reviewed in the light of the ‘methodological source code’ of the European unification program enshrined
-
Digital contact tracing against COVID-19: a governance framework to build trust Int. Data Priv. Law (IF 2.6) Pub Date : 2021-05-05 Sacha Alanoca, Nicolas Guetta-Jeanrenaud, Isabela Ferrari, Nyasha Weinberg, R Buse Çetin, Nicolas Miailhe
Key Points Countries around the world are confronted with an unprecedented health crisis, raising complex social, economical, and ethical challenges. To mitigate the spread of COVID-19, and as a way to transition out of complete lockdown, several Latin American countries have deployed or are considering deploying digital contact tracing applications. However, worldwide concerns have been raised over
-
Data protection and social emergency in Latin America: COVID-19, a stress test for democracy, innovation, and regulation Int. Data Priv. Law (IF 2.6) Pub Date : 2021-05-05 Luca Belli, Nicolo Zingales
The current SARS-CoV-2 pandemic has wreaked havoc across the globe and exposed the vulnerabilities, weaknesses, and unpreparedness of our societies. The pandemic is a global phenomenon, and several global trends can be inferred, regarding the economic, technological, and psychological impact it has generated.
-
Open data on the COVID-19 pandemic: anonymisation as a technical solution for transparency, privacy, and data protection Int. Data Priv. Law (IF 2.6) Pub Date : 2021-04-22 Thiago Guimarães Moraes, Amanda Nunes Lopes Espiñeira Lemos, Alexandra Krastins Lopes, Camille Moura, José Renato Laranjeira de Pereira
Key Points This article aims to discuss transparency and privacy on COVID-19 public data. The Brazilian context was chosen as a case study to understand how to implement transparent COVID-19 government databases while respecting data protection. The article intends to answer the question: which technical approach could be implemented to publish transparent data on COVID-19 infections while respecting
-
The Nigerian Data Protection Regulation 2019 and data protection in biobank research Int. Data Priv. Law (IF 2.6) Pub Date : 2021-05-13 Akintola SO, Akinpelu DA.
Key Points It is essential for data and biosamples to be available and accessible in biomedical and translational research. This is because their reuse and repurposing by the wider research community can maximize their value and accelerate discovery. However, sharing human-related data is complicated by ethical, legal, and social sensitivities. It is noted that there are benefits to data sharing and
-
Do AI-based anti-money laundering (AML) systems violate European fundamental rights? Int. Data Priv. Law (IF 2.6) Pub Date : 2021-04-07 Bertrand A, Maxwell W, Vamparys X.
Key Points Machine learning (ML) algorithms can improve the fight against anti-money laundering and countering financing of terrorism (AML/CFT) by better detecting suspicious activities by bank customers and improving the handling of AML/CFT alerts by human compliance teams. However, the introduction of ML in AML/CFT monitoring systems will require a careful review of their compatibility with European
-
Australia’s ‘COVIDSafe’ law for contact tracing: an experiment in surveillance and trust Int. Data Priv. Law (IF 2.6) Pub Date : 2021-03-13 Greenleaf G, Kemp K.
Key Points Australian government has emphasized contact tracing and the voluntary use of a contact tracing app, namely the ‘COVIDSafe app’, as core measures in the fight against the spread of COVID-19 (the ‘ticket to a COVID-safe Australia’). To gain the public trust necessary for uptake of voluntary app, the government passed unusual legislation, the ‘COVIDSafe Act’ (technically, an amendment to the
-
Fit for purpose? Affective Computing meets EU data protection law Int. Data Priv. Law (IF 2.6) Pub Date : 2021-03-12 Häuselmann A.
Key Points Affective Computing creates a new class of data (‘emotional data’) that is personal, sensitive, and intimate by nature, but not necessarily considered personal or sensitive from the legal point of view. The information duties as set out in the GDPR do not oblige controllers to inform data subjects what specific emotions they have detected about them. Affective Computing creates tension with
-
What does it mean for a data subject to make their personal data ‘manifestly public’? An analysis of GDPR Article 9(2)(e) Int. Data Priv. Law (IF 2.6) Pub Date : 2021-02-23 Edward S Dove, Jiahong Chen
Key points This article investigates an under-discussed and potentially significant provision in the EU General Data Protection Regulation (GDPR), namely Article 9(2)(e), which permits processing of special category personal data if the ‘processing relates to personal data which are manifestly made public by the data subject’. This provision may be of increasing interest to data controllers in a variety
-
EU–US negotiations on law enforcement access to data: divergences, challenges and EU law procedures and options Int. Data Priv. Law (IF 2.6) Pub Date : 2021-02-12 Theodore Christakis, Fabien Terpan
Key Points The EU and the US kicked off negotiations in September 2019 for the conclusion of a very important agreement on Law Enforcement Agents’ (LEA) access to data. This is the first article to present the context of these negotiations and the numerous challenges surrounding them. There are strong divergences between the EU and the US about what the scope and the architecture of this agreement
-
Privacy, personal data protection, and freedom of expression under quarantine? The Peruvian experience Int. Data Priv. Law (IF 2.6) Pub Date : 2021-02-04 Andres Calderon, Susana Gonzales, Alejandra Ruiz
Key Points In this article, the authors make a quantitative and qualitative study of all the Executive regulations issued during the State of Emergency in Peru, that may have impacted the fundamental rights of privacy, personal data protection, and freedom of expression. Peru represents an emblematic case study. It adopted one of the earliest, lengthiest and most severe lockdowns in the world, together
-
The right to compensation of a competitor for a violation of the GDPR Int. Data Priv. Law (IF 2.6) Pub Date : 2020-12-17 Walree T, Wolters P.
Key Points Although the General Data Protection Regulation (GDPR) is primarily aimed at the protection of data subjects, competitors of the controller may also suffer damage due to an infringement. Article 82(1) of the GDPR stipulates that ‘any person’ shall have the right to receive compensation. It does not clarify whether a competitor can also invoke this right. At first sight, a right to compensation
-
Autonomous transport vehicles versus the principles of data protection law: is compatibility really an impossibility? Int. Data Priv. Law (IF 2.6) Pub Date : 2020-11-28 Salami E.
Key points Autonomous (transport) vehicles have evolved from science fiction into a feature of reality (in) which we now live. From a data protection standpoint, one of the challenges confronting the integration of autonomous vehicles into the society is the question of whether or not this disruptive technology is capable of being compliant with the principles of data protection law. The importance
-
Voice-based diagnosis of covid-19: ethical and legal challenges Int. Data Priv. Law (IF 2.6) Pub Date : 2021-01-28 Marco Almada, Juliano Maranhão
Key Points Ongoing research projects, among them the Brazilian SPIRA and SoundCov initiatives, seek to diagnose Covid-19 and severe respiratory insufficiency through the analysis of voice recordings. The voice recordings may also be used to infer information about various personal traits, including some considered as sensitive by data protection law. The deployment of such apps may promote significant
-
Ethics in the GDPR: A Blueprint for Applied Legal Theory Int. Data Priv. Law (IF 2.6) Pub Date : 2021-01-25 Johan Rochel
Ethics is seen as a critical resource for data law. But beyond this almost slogan-like truism, the exact functions which ethics might play in data law are often left unclear. This contribution clarifies the ways in which data ethics and data law are intertwined and, on this basis, offers guidelines for practitioners in terms of interpreting the GDPR. Two types of norms allow for modulation between
-
The right to object to automated individual decisions: resolving the ambiguity of Article 22(1) of the General Data Protection Regulation Int. Data Priv. Law (IF 2.6) Pub Date : 2021-01-14 Luca Tosoni
Key Points This article provides a critical analysis of Article 22(1) of the European Union’s General Data Protection Regulation (‘GDPR’). In particular, the article examines whether, as a matter of lex lata, the enigmatic ‘right not to be subject to a decision based solely on automated processing’ provided for in Article 22(1) should be interpreted as a general prohibition or a right to be exercised
-
Wanted: LED adequacy decisions. How the absence of any LED adequacy decision is hurting the protection of fundamental rights in a law enforcement context Int. Data Priv. Law (IF 2.6) Pub Date : 2021-01-13 Laura Drechsler
Since May 2018, the European Commission (Commission) has the exclusive competence not only to assess third countries for an adequacy decision authorizing the international transfer of personal data to third countries or international organizations in relation to the General Data Protection Regulation (GDPR)1 but also for law enforcement purposes under the Law Enforcement Directive (LED).2 So far, no
-
Personal data’s ever-expanding scope in smart environments and possible path(s) for regulating emerging digital technologies Int. Data Priv. Law (IF 2.6) Pub Date : 2021-01-08 Raphaël Gellert
Key Points Data portability rights are viewed by policymakers worldwide as a significant legal innovation to stimulate competitive digital economies. These rights allow consumers and businesses to seamlessly receive and transfer data for commercialization and efficiency purposes. The newly implemented Australian Consumer Data Right (CDR) provides an illuminating example of the complex relationship
-
Data-driven measures to mitigate the impact of COVID-19 in South America: how do regional programmes compare to best practice? Int. Data Priv. Law (IF 2.6) Pub Date : 2021-01-07 Taís Fernanda Blauth, Oskar Josef Gstrein
• This article analyses data-driven measures used in South America to mitigate the impact of COVID-19. Based on a broad review of relevant programmes in the region three selected cases from Argentina (Cuidar App), Brazil (use of personal data by IBGE), and Chile (CoronApp) are evaluated against best regional and international practices. • Our findings suggest that programmes in South America mirror
-
Decentralized data processing: personal data stores and the GDPR Int. Data Priv. Law (IF 2.6) Pub Date : 2020-12-28 Janssen H, Cobbe J, Norval C, et al.
Key Points When it comes to online services, users have limited control over how their personal data are processed. This is partly due to the nature of the business models of those services, where data are typically stored and aggregated in data centres. This has recently led to the development of technologies aiming at leveraging user control over the processing of their personal data. Personal data
-
Algorithmic impact assessments under the GDPR: producing multi-layered explanations Int. Data Priv. Law (IF 2.6) Pub Date : 2020-12-06 Kaminski M, Malgieri G.
Key Points Policymakers, scholars, and commentators are increasingly concerned with the risks of using algorithms for profiling and automated decision-making. This article addresses how a Data Protection Impact Assessment (DPIA), applied as an algorithmic impact assessment (AIA), links the two faces of the General Data Protection Regulation (GDPR) approach to algorithmic accountability: individual
-
How to de-identify personal data in South Korea: an evolutionary tale Int. Data Priv. Law (IF 2.6) Pub Date : 2020-11-09 Ko H, Park S.
Key Points In early 2020, South Korea’s legislature made amendments to major laws in the area of data protection in order to, among others, promote the utilization of pseudonymized personal data. With these amendments, pseudonymized personal data can be processed, without consent from data subjects, for archiving purposes, scientific research purposes, or statistical purposes. Arguably, these amendments
-
Breach of security vs personal data breach: effect on EU data subject notification requirements Int. Data Priv. Law (IF 2.6) Pub Date : 2020-10-13 Rogers Alunge
Key Points EU data protection laws requires notification of personal data breaches to data subjects if they present a high risk of harm, and define personal data breaches as breaches of security leading to a compromise of personal data. However, these laws offer no comprehensive definition of a breach of security. And the current definition of a personal data breach leaves out a ‘breach of security’
-
Who is responsible for data processing in smart homes? Reconsidering joint controllership and the household exemption Int. Data Priv. Law (IF 2.6) Pub Date : 2020-09-02 Jiahong Chen, Lilian Edwards, Lachlan Urquhart, Derek McAuley
The growing industrial and research interest in protecting privacy and fighting cyberattacks for smart homes has sparked various innovations in security- and privacy-enhancing technologies (S/PETs) powered by edge computing. The complex technical set-up has however raised a whole series of legal issues surrounding the regulation of smart home with data protection law. To determine how responsibility
-
Brendan Van Alsenoy, Data Protection Law in the EU: Roles, Responsibilities and Liability Int. Data Priv. Law (IF 2.6) Pub Date : 2020-08-26 Kamarinou D.
Van AlsenoyBrendan, Data Protection Law in the EU: Roles, Responsibilities and Liability, KU Leuven Centre for IT & IP Law Series, Cambridge: Intersentia Ltd, 2019, xxv + 694 pp, €115.00, ISBN 9781780688282.
-
The normative power of the EU: a case study of data protection laws of Turkey Int. Data Priv. Law (IF 2.6) Pub Date : 2020-08-24 Akcali Gur B.
Key Points The EU has had a normative impact on the development of personal data protection legislation in Turkey and the conditionality mechanism played a key role. For the EU, the alignment of personal data protection with the EU Acquis constitutes a fundamental rights concern that needs to be addressed for continued cooperation between the two jurisdictions, but the reforms in Turkey have been mostly
-
Governing machine-learning models: challenging the personal data presumption Int. Data Priv. Law (IF 2.6) Pub Date : 2020-08-03 Leiser M, Dechesne F.
Key Points This article confronts assertions made by Dr Michael Veale, Dr Reuben Binns, and Professor Lilian Edwards in ‘Algorithms that remember: Model Inversion Attacks and Data Protection Law’, as well as the general trend by the courts to broaden the definition of ‘personal data’ under Article 4(1) GDPR to include ‘everything data-related’. Veale and others use examples from computer science to
-
Australia’s Consumer Data Right and the uncertain role of information privacy law Int. Data Priv. Law (IF 2.6) Pub Date : 2020-08-01 Mark Burdon, Tom Mackie
Data portability rights are viewed by policymakers worldwide as a significant legal innovation to stimulate competitive digital economies. These rights allow consumers and businesses to seamlessly receive and transfer data for commercialization and efficiency purposes. The newly implemented Australian Consumer Data Right (CDR) provides an illuminating example of the complex relationship between information
-
Biobanking and data transfer between the EU and Cape Verde, Mauritius, Morocco, Senegal, and Tunisia: adequacy considerations and Convention 108 Int. Data Priv. Law (IF 2.6) Pub Date : 2020-05-01 Santa Slokenberga
-
Regulating health research and respecting data protection: a global dialogue Int. Data Priv. Law (IF 2.6) Pub Date : 2020-05-01 Nóra Ni Loideain
-
Information security at South African universities—implications for biomedical research Int. Data Priv. Law (IF 2.6) Pub Date : 2020-05-01 Dominique Anderson,Oluwafemi Peter Abiodun,Alan Christoffels
-
To track or not to track? Employees’ data privacy in the age of corporate wellness, mobile health, and GDPR† Int. Data Priv. Law (IF 2.6) Pub Date : 2020-04-27 Brassart Olsen C.
Key Points Employers have been increasingly offering wristbands or smartwatches, also known as ‘mHealth devices’, to their employees. The use of mHealth devices at work may come at a price for employees, who may unknowingly or unwillingly share their health information with their employer and third parties, such as mHealth providers. This could lead to data privacy breaches and discrimination in the
-
Mere access to personal data: is it processing? Int. Data Priv. Law (IF 2.6) Pub Date : 2020-03-30 Schreiber A.
Key Points There is a range of views on ‘access’ as a part of processing under the General Data Protection Regulation (GDPR). Access was not mentioned in Article 4(2) GDPR, but could fit the definition of processing, and could also be included within other forms of processing such as retrieval, storage, and transfer. Many scholars view access as central to the definition of privacy, and differentiate
-
Pitching trade against privacy: reconciling EU governance of personal data flows with external trade Int. Data Priv. Law (IF 2.6) Pub Date : 2020-03-30 Svetlana Yakovleva, Kristina Irion
Key Points: * Global data flows underpinning cross-border digital trade have moved centre stage in international trade negotiations. New trade law disciplines on the free flow of data are included in a number of international trade deals. * The European Union (EU) has a key role to play in the global governance of the protection of personal data. The EU’s strict data protection regime has sometimes
-
The layered links model: an alternative approach to international privacy regulation Int. Data Priv. Law (IF 2.6) Pub Date : 2020-03-10 Bougiakiotis E.
Key Points Currently, privacy and data protection lack international (as opposed to regional) regulation in large part because of the diverging values of various countries. Often the laws of various countries may impose conflicting obligations that so far have been addressed via ad hoc agreements. Despite calls for international convergence to avoid them, both in and out of academia, little progress