Showing papers in "International Data Privacy Law in 2023"
1 citations
TL;DR: In this paper , the authors assume that a participant expresses a valid consent for the collection and processing of personal data and, at a certain point during the research life-cycle, decides to withdraw her/his consent.
Abstract: In the context of biomedical research, consent is both a ground for the lawful processing of personal data and a bioethical requirement for participation in scientific research projects. While the conditions for obtaining valid consent are extensively discussed in legal and bioethical literature, withdrawal of consent has received considerably less attention. According to the EU General Data Protection Regulation (GDPR), that data subjects have the right to withdraw their consent at any time, but the duties of the entities processing personal data are not clearly defined in the text of the Regulation. Pursuant to Article 7 GDPR, withdrawal ‘shall not affect the lawfulness of processing based on consent before its withdrawal’, but there is no clear specification of the rules governing what happens after this moment. The assumption underlying this article is that a participant expresses a valid consent for the collection and processing of personal data and, at a certain point during the research life-cycle, decides to withdraw her/his consent. This decision would, prima facie, result in an obligation of the data controller to cease processing the data. However, when more closely examined, there are practical, legal, and ethical reasons for why this might not always be the optimal solution. Stopping the processing after receiving a withdrawal request is not an absolute mandate. Pursuant to the GDPR, consent is one Key Points
TL;DR: Paloma Krõõt Tupay as discussed by the authors , associate professor in Constitutional Law, University of Tartu, School of Law, 10142 Tallinn, Estonia Email: palomakreet.tupay@ut.ee Search for other works by this author on: Oxford Academic Google Scholar International Data Privacy Law, ipad010, https://doi.org/10.1093/idpl/ipad010 Published: 23 June 2023
Abstract: Journal Article Has the GDPR killed e-government? The “once-only” principle vs the principle of purpose limitation Get access Monika Mikiver, Monika Mikiver Guest Lecturer in Administrative Law, University of Tartu, School of Law, 10142 Tallinn, Estonia Search for other works by this author on: Oxford Academic Google Scholar Paloma Krõõt Tupay Paloma Krõõt Tupay Paloma Krõõt Tupay, Associate Professor in Constitutional Law, University of Tartu, School of Law, 10142 Tallinn, Estonia Email: palomakreet.tupay@ut.ee Search for other works by this author on: Oxford Academic Google Scholar International Data Privacy Law, ipad010, https://doi.org/10.1093/idpl/ipad010 Published: 23 June 2023
TL;DR: SARS-CoV-2 emerged in late 2019 and had become, within a few months, the focus of global attention due to its high transmissibility and its ability to cause acute respiratory failure, especially in the elderly and in people with comorbidities as mentioned in this paper .
Abstract: SARS-CoV-2 emerged in late 2019 and had become, within a few months, the focus of global attention due to its high transmissibility and its ability to cause acute respiratory failure, especially in the elderly and in people with comorbidities.1 Most governments, faced with a pandemic of a magnitude unprecedented in the 21st century,2 adopted emergency measures to reduce or stop the spread of the virus. Contact tracing is a well-established practice that consists of identifying people who have come into contact with infected people. During the Covid-19 pandemic, contact tracing was carried out using new methods. Manual contact tracing (MCT), in which the key stage consists of interviewing infected subjects in order to identify their contacts,3 has involved the collection and recording of data in electronic databases.4 In parallel, digital contact tracing (DCT), in which notification of infection risk uses a smartphone application, was implemented for the first time in a pandemic although the principle had already been described.5
TL;DR: Li et al. as mentioned in this paper argued that data law should instead focus on the acts of accessing and using data, such as through defining and regulating the improper crawling of data, and proposed different models of property rights, including the classic ownership-usufruct (所有权-用益) approach, the intellectual property model, and a novel property rights model tailored specifically for data.
Abstract: The scarcity and economic value of data have been widely recognized in the literature on economics1 and law,2 earning it the title of being ‘the most valuable resource’ in the world today, according to a cover article in The Economist.3 In China, where the digital economy has developed rapidly, ‘data’ was recently recognized by its national macro policy as a new crucial factor of production alongside land, capital, knowledge, technology, and labour.4 Accordingly, the key question is how the rights to this resource should be characterized and allocated in order to facilitate the efficient flow and use of data and promote the development of the overall digital economy. There is currently no unified regulatory approach adopted across jurisdictions.5 Despite extensive debate among legal scholars, no consensus has been reached on how the law should protect and utilize data resources.6 On the one hand, some argue that the law should not accord property rights over data given that data is intangible,7 which risks giving rise to a multiplicity of stakeholders and competing claims.8 They argue that data law should instead focus on the acts of accessing and using data, such as through defining and regulating the improper crawling of data.9 On the other hand, others argue that the law should create data property rights, and have proposed different models of property rights, including the classic ownership-usufruct (所有权-用益) approach,10 the intellectual property model,11 and a novel property rights model tailored specifically for data.
TL;DR: In this article , the authors review the PIPC's decision on Scatter Lab's violation of the Personal Information Protection Act (PIPA) and derive the significance and limitations of the decision.
Abstract: In South Korea, artificial intelligence (AI)-related personal information protection has long been an issue, and the Lee-Luda (also referred to as ‘Iruda’) incident drove the development of specific policies and guidelines. The Lee-Luda case is fairly important for AI governance in Korea, since the Personal Information Protection Commission (PIPC) decision was the first to make a judgment on the Personal Information Protection Act (PIPA) violations as a result of development and operation of AI. Following the Lee-Luda case, Korean society became more aware of the risks posed by privacy infringement in the age of intelligent information technology. Lawmakers began to establish legal frameworks for the protection of personal information while developing AI products and services. This study reviews legal issues and suggests policy directions while highlighting the significance of the Lee-Luda case, which was an epochal turning point in the protection of personal information related to AI products and services in Korea. First, the authors review the PIPC’s decision on Scatter Lab’s violation of the PIPA, analyse the legal issues in the Lee-Luda case, and derive the significance and limitations of the decision. Next, the authors suggest that it is desirable for AI governance to move towards self-regulation in a manner that ensures the autonomy of AI developers and operators; they also review the recent trends in the laws and policies on data protection that have been continually developed since the Lee-Luda case, especially with a focus on the AI Personal Information Protection Self-Checklist (Self-Checklist).