Future of Privacy Forum

About: Future of Privacy Forum is a nonprofit organization based out in Washington D.C., District of Columbia, United States. It is known for research contribution in the topics: Data Protection Act 1998 & Information privacy. The organization has 11 authors who have published 37 publications receiving 1003 citations.

The role of government in commercial cybersecurity

Abstract: Privacy consists of two components: (1) conforming one's collection, use, and sharing of personal data to existing laws and norms, and (2) securing the data against unauthorized access and use. Even with the best of intentions as to the treatment of personal data, there can be no privacy where there is no data security. With the interconnected Internet, cybersecurity is a critical component of privacy.

Data protection and competition law: The dawn of uberprotection

Abstract: This chapter aims at giving a comprehensive overview of the intertwining of competition law and data protection law in the EU legal framework, prompted by the rising and disruptive importance of amassed data, including personal data ('Big Data'), for competition in the digital market. How personal data is collected and used potentially impacts all pillars of competition law - anticompetitive agreements, abuse of dominance and merger control. While abuse of dominance and merger control relate to competitive harm through accumulation of customer or user data - which could occur lawfully or unlawfully pursuant to data protection law, the classic price fixing cartels are being replaced by seemingly irretraceable price fixing algorithms.

How CJEU's “Privacy Spring” Construed the Human Rights Shield in the Digital Age

Abstract: This paper analyses two landmark judgments of the Court of Justice of the European Union (CJEU), given in April and May 2014, and how they shaped the protection of fundamental rights in the digital age. The judgments can be considered as defining a CJEU “privacy spring”, given the fact that Article 7 – the right to respect for private life, and Article 8 – the right to the protection of personal data, from the Charter of Fundamental Rights of the EU, were effectively applied in both cases. The first decision concerns the finding that the Data Retention Directive is invalid in its entirety (the “Digital Rights Ireland” decision) and the second one concerns the applicability of EU data protection law to an Internet search engine provider established in a third country (the “Google v. Spain” decision). The paper analyses the main findings of the Court in both cases. It compiles a grid of requirements that need to be fulfilled by data retention legislation in order for it to be compliant with the Charter, and it explains why the most important finding of the Court in Google v. Spain is not the existence of the right to erasure, but the fact that a search engine is a “data controller”.

Science and Privacy: Data Protection Laws and Their Impact on Research

Abstract: While privacy laws differ in their scope, focus, and approach, they all involve restrictions on the collection, use, sharing, or retention of information about people. In practice, these requirements can lead organizations to refrain from collecting certain data, only use data with the consent of the individual, or to delete data after a certain timeframe or at the request of the individual. At the same time, scientific research is increasingly using the tools of data analytics and machine learning. These tools rely on “big data” and the idea that powerful computers and sophisticated analytical tools can examine very large data sets to reveal new insights and discoveries. Scientists believe this data-driven approach to research will lead to stunning breakthroughs in medicine, education, and many other fields that can dramatically advance human knowledge and well-being. The tension between these two trends is clear. Most privacy laws acknowledge and address that tension. While privacy laws aim to restrict harmful data practices, they typically also are designed to allow for, or even encourage, uses of personal information that are beneficial and valuable to the individual or society. The inherent tension is often resolved by including reasonable exceptions in the laws to allow for necessary or beneficial data uses. But these exceptions are not complete exemptions from privacy obligations; even such beneficial uses of personal information typically remain subject to other protections in privacy laws such as an obligation to maintain the security of the data. This article addresses how privacy laws can and should allow for scientific research while still providing meaningful protections for personal information. Part I discuses key principles found in many privacy laws and how each can potentially impact scientific research. Part II describes several prominent privacy laws across different jurisdictions and how each addresses research as a type of data use. Part III briefly discusses the distinction between academic or public-interest research and commercial research. Finally, Part IV provides specific recommendations to lawmakers and regulators on how privacy law should address and accommodate scientific research.

Article 16 [Protection of Personal Data]

Abstract: Article 16 TFEU enshrines the protection of personal data in EU primary law. Its purpose is twofold: it affirms that the right to the protection of personal data is a fundamental right in the EU, reinforcing Article 8 EUCFR, and it establishes a specific legal basis for the EU legislator to act for the adoption of legislation concerning the processing of personal data, both at EU and MS level. The latter objective envisages not only the protection of individuals, giving effect to the affirmation of the right to personal data protection, but also the free movement of personal data within the Union.