{"title":"Data: The key role in fighting against the Coronavirus pandemic – Opportunities and risks of the contact tracing Apps","authors":"Jutta Sonja Oberlin","doi":"10.5771/9783748921561-179","DOIUrl":"https://doi.org/10.5771/9783748921561-179","url":null,"abstract":"Recently, developers from all over the world, including Google and Apple1, have been working on pseudonymous contact tracing apps to break chains of transmission. These so-called Corona Apps could play a vital role in the fight against the virus, but they also raise serious privacy and data protection concerns. While these apps are supposed to help limit the further spread of COVID-19, they might also expose sensitive personal data belonging to the affected data subjects. This may include health data2 or, in some cases, even the location data of everyone using the app. Some apps collect real-time data on the actual location and movements of their users in order to warn people if they have been in contact with or near an infected person. This also helps the government3 to understand the spread of the virus, and to design appropriate measures and take action accordingly. To avoid non-compliance or regulatory confusion, on April 8th the European Commission adopted recommendations to support Coronavirus containment measures through mobile data and apps. These recommendations set out key principles concerning data security and EU fundamental rights, such as privacy and data protection.4 In general, the processing of special categories of data, such as health data, is prohibited unless a special provision (Art. 9 (2) a-j GDPR) applies. In the case of the fight against COVID-19, the legal grounds for data pro-","PeriodicalId":326055,"journal":{"name":"Turning Point in Data Protection Law","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123088597","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Video surveillance: The supervisory authorities’ view and recent case law","authors":"A. Golland, J. Ohrtmann","doi":"10.5771/9783748921561-175","DOIUrl":"https://doi.org/10.5771/9783748921561-175","url":null,"abstract":"With the growing popularity of smartphones, dashcams and video surveillance for access control, cameras are increasingly becoming a part of daily life. In particular, video surveillance conducted by private companies – to prevent and solve crimes, for example – is a much-discussed topic in data protection law. On 29 January 2020, the European Data Protection Board (EDPB), the EU body responsible for harmonising the enforcement of the General Data Protection Regulation (GDPR), published a revised version of its guidelines on the processing of personal data through video devices in accordance with the GDPR. A few weeks earlier, the European Court of Justice (ECJ) had issued a ruling on a case of surveillance of public spaces. This article explains what you now need to know about video surveillance.","PeriodicalId":326055,"journal":{"name":"Turning Point in Data Protection Law","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128471355","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"IT maintenance is ‘Data processing on behalf’ according to German DPAs","authors":"Thomas Kahler","doi":"10.5771/9783748921561-59","DOIUrl":"https://doi.org/10.5771/9783748921561-59","url":null,"abstract":"With the application of the GDPR, the question arises of how to qualify IT maintenance. This aspect is of great relevance, since practically any software contains personal data. Microsoft, Oracle and SAP, for example, process personal data of customers and employees. Similarly, reporting software that only stores financial data of the controller contains at least the names or IDs of the employees who use the software, for the purpose of access management.","PeriodicalId":326055,"journal":{"name":"Turning Point in Data Protection Law","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130143458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Accountability – the gravity centre of GDPR","authors":"Thomas Kahler","doi":"10.5771/9783748921561-25","DOIUrl":"https://doi.org/10.5771/9783748921561-25","url":null,"abstract":"Accountability may be compared with the Copernican revolution, which moved the centre of the universe from the earth to the sun. The gravitational pull of accountability – as the new centre of gravity of the GDPR – shifts the burden of proof to the controller.1 This shift has a far-reaching effect on the whole system of data protection principles within the GDPR. Whereas Art. 5 (1) GDPR lists all six fundamental principles of the GDPR, namely (1) lawfulness, fairness and transparency, (2) purpose limitation, (3) data minimisation, (4) accuracy, (5) storage limitation and (6) integrity and confidentiality,","PeriodicalId":326055,"journal":{"name":"Turning Point in Data Protection Law","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114063684","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The end of an “old“ consent? Consent faces legal action by Max Schrems and consumer agencies","authors":"Thomas Kahler","doi":"10.5771/9783748921561-17","DOIUrl":"https://doi.org/10.5771/9783748921561-17","url":null,"abstract":"Consent will be among the first targets of data activist Max Schrems under the GDPR.1 Most “old” consent forms will be invalid from 25 May; this follows from a narrow interpretation of recital 171 GDPR by the WP29.2 That interpretation requires that consent be fully compliant with the GDPR.3 The GDPR raises the bar significantly in comparison with Directive 95/46. I would like to focus on three aspects:","PeriodicalId":326055,"journal":{"name":"Turning Point in Data Protection Law","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127881997","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"GDPR – not fit for corona?","authors":"Thomas Kahler","doi":"10.5771/9783748921561-171","DOIUrl":"https://doi.org/10.5771/9783748921561-171","url":null,"abstract":"The first step for DPOs is to check the legal basis that justifies the data processing. This procedure does not change in times of corona and will be illustrated here by two scenarios. Scenario 1: Is it admissible to use the private mobile phones of employees? Scenario 2: Is it admissible to check the temperature of staff before they enter the office? Scenario 1: In ordinary times the GDPR does not provide a legal basis for transferring personal data to private mobile phones. First, consent by the owner of the mobile phone would not be regarded as freely given, since the employee does not receive a genuine benefit in return for providing 'his own device'. Second, the phone number of a co-worker, or of an employee of a third party, would be transferred to and stored on the private device. This data transfer cannot be based on legitimate interest, as a transfer of these contact details is not necessary in the sense of the GDPR. The less intrusive measure is to store the data on a device of the employer. An exception to this reasoning may be admissible for an emergency contact list: companies can ask for the private contact details of an employee who has a defined role in an emergency plan. This would be admissible on the basis of legitimate interest. How does the scenario change in times of corona? As long as no less intrusive measure exists, it would be admissible, e.g., to inform the employees 1.","PeriodicalId":326055,"journal":{"name":"Turning Point in Data Protection Law","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129201832","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Data breach: 72 hours period extended on weekend?","authors":"Thomas Kahler","doi":"10.5771/9783748921561-109","DOIUrl":"https://doi.org/10.5771/9783748921561-109","url":null,"abstract":"The GDPR requires companies to notify data breaches to the supervisory authority „...without undue delay and, where feasible, not later than 72 hours...“1 So far, the 72-hour notice period has been understood to include weekends, so companies were required to organise an on-call duty on Saturdays and Sundays for the DPO and for the relevant IT staff. But with reference to an EU regulation dating from June 1971, the notice period shall be extended over the weekend.","PeriodicalId":326055,"journal":{"name":"Turning Point in Data Protection Law","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116658698","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
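The deadline arithmetic behind the abstract above, as an added example that is not code from the article: it computes the Art. 33 (1) GDPR notification deadline from the moment the controller becomes aware of a breach under both readings, the strict one (72 clock hours, weekends counting) and the article's reading (a deadline landing on a Saturday, Sunday or public holiday is pushed to the end of the following working day). Public holidays vary by Member State, so they are a caller-supplied set; the function names and the sample timestamps are this example's own choices.

```python
"""Added example, not code from the article: Art. 33 (1) GDPR breach
notification deadline, computed under two readings side by side.

strict   - 72 clock hours after becoming aware; Saturdays and Sundays count.
extended - the article's reading: a deadline that falls on a weekend or a
           public holiday ends with the last second of the next working day.
Holidays differ by Member State and are passed in by the caller.
Function names and sample timestamps are this example's own choices.
"""
from datetime import date, datetime, time, timedelta

NOTIFY_WINDOW = timedelta(hours=72)


def strict_deadline(aware_at: datetime) -> datetime:
    """72 clock hours after becoming aware; weekends are not excluded."""
    return aware_at + NOTIFY_WINDOW


def is_working_day(day: date, holidays=frozenset()) -> bool:
    """Monday..Friday (weekday() 0..4) and not a listed public holiday."""
    return day.weekday() < 5 and day not in holidays


def extended_deadline(aware_at: datetime, holidays=frozenset()) -> datetime:
    """Weekend/holiday-extended reading of the same 72-hour period."""
    deadline = strict_deadline(aware_at)
    if is_working_day(deadline.date(), holidays):
        return deadline
    day = deadline.date()
    while not is_working_day(day, holidays):   # step forward to next working day
        day += timedelta(days=1)
    return datetime.combine(day, time(23, 59, 59), tzinfo=deadline.tzinfo)


def deadlines(aware_iso: str, holidays_iso=()) -> dict:
    """Both readings for one awareness timestamp, as ISO strings for reporting."""
    aware_at = datetime.fromisoformat(aware_iso)
    holidays = frozenset(date.fromisoformat(h) for h in holidays_iso)
    return {
        "strict": strict_deadline(aware_at).isoformat(sep=" "),
        "extended": extended_deadline(aware_at, holidays).isoformat(sep=" "),
    }


if __name__ == "__main__":
    # Constructed timestamps: a breach discovered on a Thursday afternoon
    # (strict deadline lands on Sunday) and one discovered on a Monday morning.
    for aware in ("2020-10-15 14:00", "2020-10-12 09:00"):
        print(aware, deadlines(aware))
```

Whichever reading a DPO adopts, the clock starts at awareness, not at discovery by IT; the function therefore takes the awareness timestamp as its input, and an incident ticket should record that timestamp explicitly.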
{"title":"Google Analytics: Injunctive relief, information requests and damages","authors":"P. Hense","doi":"10.5771/9783748921561-151","DOIUrl":"https://doi.org/10.5771/9783748921561-151","url":null,"abstract":"Irrespective of the GDPR, claims for injunctive relief against the disclosure of personal data can also be based on German tort law according to a decision of the Regional Court of Dresden.2 The unauthorised disclosure of the plaintiff’s personal data by the defendant constitutes a violation of the plaintiff’s general individual right to privacy, in particular the right to “informational self-determination“. Unless the plaintiff has actively consented, no valid consent exists. Visiting a website cannot in itself be regarded as the (implied) granting of consent. The fact that the plaintiff visits a website that uses Google Analytics without “anonymizeIp” cannot be construed as improper conduct on the part of the plaintiff which, according to Section 242 BGB (German Civil Code), would preclude him from exercising his rights. This conduct is legitimised by the general freedom of information.3 High requirements must be placed on the presumption of improper conduct of proceedings. There is no improper interest on the part of the plaintiff with regard to obtaining a fee, as the plaintiff initially contacted the defendant privately by email without claiming any costs.","PeriodicalId":326055,"journal":{"name":"Turning Point in Data Protection Law","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115722497","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
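The technical measure the Dresden case turns on, “anonymizeIp”, as an added example that is not code from the article or from Google: a plain-Python reproduction of the truncation Google documents for that setting (IPv4 addresses have their last octet set to zero, IPv6 addresses their last 80 bits), so the difference between a page view recorded with and without the setting can be inspected offline. The helper names and the sample addresses (RFC 5737 and RFC 3849 documentation ranges) are this example's own choices.

```python
"""Added example, not code from the article or from Google: what the Google
Analytics `anonymizeIp` setting does to a visitor's address, reproduced in
plain Python. Google documents the behaviour as: IPv4 -> last octet zeroed,
IPv6 -> last 80 bits zeroed. Helper names and sample addresses are this
example's own choices.
"""
import ipaddress

IPV4_KEEP_BITS = 24   # keep the first three octets, zero the last one
IPV6_KEEP_BITS = 48   # keep the first 48 bits, zero the remaining 80


def anonymize_ip(addr: str) -> str:
    """Return `addr` with the host-identifying low bits set to zero."""
    ip = ipaddress.ip_address(addr)          # raises ValueError on garbage input
    keep = IPV4_KEEP_BITS if ip.version == 4 else IPV6_KEEP_BITS
    # "<addr>/<prefix>" as an interface; its network address has the low bits cleared
    return str(ipaddress.ip_interface(f"{ip}/{keep}").network.network_address)


def is_anonymized(addr: str) -> bool:
    """True when the truncation has already been applied (the operation is idempotent)."""
    return anonymize_ip(addr) == addr


# Constructed sample of client addresses as a tracking request would carry them.
SAMPLE_ADDRESSES = [
    "203.0.113.77",
    "2001:db8:85a3:8d3:1319:8a2e:370:7348",
]


def compare(addresses=SAMPLE_ADDRESSES):
    """(raw, truncated) pairs: what is stored without vs. with anonymizeIp."""
    return [(a, anonymize_ip(a)) for a in addresses]


if __name__ == "__main__":
    for raw, truncated in compare():
        print(f"{raw:40} -> {truncated}")
```

The truncated value still names a /24 or /48 network, so the setting reduces identifiability rather than removing it; when auditing a site, check the tracking request actually sent by the browser rather than the configuration alone, since the setting is applied client-side per request.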
{"title":"How to ‘provide’ information (Art. 12 GDPR)? European Court of Justice requires active behavior","authors":"Thomas Kahler","doi":"10.5771/9783748921561-13","DOIUrl":"https://doi.org/10.5771/9783748921561-13","url":null,"abstract":"The controller shall inform the data subject (e.g. a consumer) about the extent of the data processing (Art. 13 GDPR). But what measures are required to provide this information to the data subject according to Art. 12 GDPR? Is it necessary to send a written statement to the data subject, or is it sufficient to publish the information on the website? The European Court of Justice (ECJ) delivered a judgment on this aspect in 2017. The ECJ stated that the organisation responsible for providing the information “...must actively communicate that information.“1 This decision has a significant impact on the cost and effort of GDPR implementation projects. Legal interpretation generally starts with the wording of the respective legal source – in our case the GDPR. But the term to “provide“ information is not defined in Art. 4 GDPR. A further approach to clarifying the wording is to refer to the different language versions of the GDPR. The French version of Art. 12 GDPR uses the verb “fournir“ and the German version uses the word “übermitteln“. In contrast to the English and French versions, the German term “übermitteln“ is defined as “transmission“ according to Art. 4 (2) GDPR, which is a sub-activity of data processing. In that context, transmission means a transfer of personal data to a third party. All versions – the English “provide“, the French “fournir“ and the German “übermitteln“ – have in common that the wording requires active conduct by the controller to transfer the information into the sphere of the data subject. Recently, the Art. 29 Working Party published its Working Paper (WP 260) on transparency. The latest Working Papers are a de facto binding interpretation of the GDPR, because on 25 May the Working Party will be transformed into the European Data Protection Board. Since","PeriodicalId":326055,"journal":{"name":"Turning Point in Data Protection Law","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114812342","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The “Whitelist” and its Value during a Data Protection Impact Assessment","authors":"Iheanyi Nwankwo","doi":"10.5771/9783748921561-141","DOIUrl":"https://doi.org/10.5771/9783748921561-141","url":null,"abstract":"The EU General Data Protection Regulation (GDPR) solidifies the risk-based approach in data protection through several references that tie the obligations of data controllers to the risk exposure associated with their data processing. These references include, for example, the requirement to conduct a data protection impact assessment (DPIA). However, the regulation does not require that a DPIA be carried out in all personal data processing scenarios, even though it is commonly acknowledged that the mere processing of personal data has an element of risk associated with it. Article 35 (1) of the GDPR only triggers the requirement of a DPIA when the processing operation is likely to result in “high risk”. Unfortunately, the GDPR does not define the terms “risk” or “high risk”, even though these are key notions that require clarification as to which data processing operations fall within each of them. That being the case, data controllers are expected to conduct a preliminary assessment of their intended data processing to establish whether it could result in high risk. Article 35 (3) assists tremendously in carrying out this task by providing non-exhaustive examples of data processing considered to be of high risk, which therefore require a DPIA by default. These are: processing that involves a systematic and extensive evaluation of personal aspects relating to natural persons; processing on a large scale of special categories of data; or systematic monitoring of a publicly accessible area on a large scale. On the other hand, Recital 91 gives an indication of processing that should not require a mandatory DPIA, as it is not presumed to be large scale, for example data from patients or clients processed by an individual physician, other health care professional or lawyer. However, as these examples are not exhaustive, supervisory authorities (SAs) are tasked with publishing lists of processing operations that require a","PeriodicalId":326055,"journal":{"name":"Turning Point in Data Protection Law","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2020-10-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128709031","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}