The European data protection framework for the twenty-first century
TL;DR: This article sets out some of the key elements of the Commission's EU data protection reform proposals and highlights a number of the main changes compared to the current situation.
Abstract: This article sets out some of the key elements of the Commission's EU data protection reform proposals and highlights a number of the main changes compared to the current situation. † The new legislative instruments contain import- ant changes to the current acquis, relating in particular to
Citations
More filters
Dissertation•
01 Jan 2019
TL;DR: Although international trade agreements such as GATS cannot resolve all challenges pertaining to data flows, they can and should play a more proactive role in balancing trade and internet policy objectives.
Abstract: With the rapid digitalisation of the economy, cross-border data flows have become essential for the functioning of different sectors of the economy, including the digital services industry. However, governments often restrict cross-border flows through various laws, regulations, policies and administrative measures (or ‘data-restrictive measures’) to achieve internet-related policy objectives such as regulating online content, protecting online privacy of internet users, and cybersecurity protection. These measures typically interfere with the architecture of the internet and the technical protocols/designs of digital services, resulting in economically and technologically inefficient outcomes. Further, as data-restrictive measures constrain cross-border supply of digital services, they constitute trade barriers, and therefore may violate provisions of the General Agreement on Trade in Services (‘GATS’) of the World Trade Organization (‘WTO’). This thesis investigates how GATS applies to data-restrictive measures and whether its rules can balance trade and internet policy objectives. It first highlights the complementary relationship of the three fundamental principles of internet governance applicable to cross-border data flows, namely internet openness, privacy and security. It then proposes a theoretical framework whereby GATS can be aligned with these three principles to support both an open and predictable framework for digital trade and robust internet policies. The thesis applies this framework to three common types of datarestrictive measures, namely online content regulation measures, privacy-related datarestrictive measures, and cybersecurity-related data-restrictive measures. This thesis finds that GATS can be thoughtfully applied and interpreted to align with principles of internet openness, privacy and security. For example, commitments of Members in their GATS Schedules of Commitments can be interpreted in a technologically neutral manner to facilitate both trade liberalisation and internet openness. Further, GATS obligations on non-discrimination, domestic regulation and market access (subject to Members’ relevant commitments and exemptions) generally facilitate an open market for cross-border data flows, thereby supporting internet openness. Finally, under GATS exceptions, Panels can distinguish protectionist datarestrictive measures disguised as cybersecurity/privacy/content regulation measures from measures genuinely necessary to achieve these objectives. To conduct a holistic assessment of data-restrictive measures under GATS, Panels should use both legal and technical evidence, including relying on internet technical and policy expertise. However, the extent to which GATS aligns with the principles of internet openness, privacy and security is constrained by the lack of multilateral consensus on internet policy issues and the somewhat outdated architecture of GATS. Therefore, in addition to interpreting existing GATS provisions more meaningfully, this thesis proposes a multipronged approach to further strengthen alignment of GATS with internet openness, privacy and security. This approach requires: meaningful use of GATS provisions on transparency and mutual recognition; introducing reforms in WTO law to incorporate relevant disciplines on cross-border data flows; and exploring options outside traditional multilateral mechanisms including developing a non-binding WTO declaration on data flows and facilitating stronger regulatory cooperation on data governance in relevant international/transnational institutions. This thesis concludes that although international trade agreements such as GATS cannot resolve all challenges pertaining to data flows, they can and should play a more proactive role in balancing trade and internet policy objectives.
47 citations
01 Feb 2018-International Journal of Human-computer Studies \/ International Journal of Man-machine Studies
TL;DR: The research results show that online users’ propensity to use privacy controls is likely to be driven by the type of personal information they are willing to share, and show clearly that compensation is a factor to motivate online users in using privacy controls over data flows.
Abstract: The rise of new technologies has brought new challenges regarding the protection of personal data, as a vast amount of personal information is being published and shared. Because personal data are extremely valuable for many digital businesses, it is crucial to understand to what extent individuals want to exert control over the disclosure of their personal data. This paper aims to assess the factors that affect web users’ predisposition to exert control over personal data flows, using a dataset collected in France in 2014 that targets online users and their privacy. Our results demonstrate that those who are more likely to disclose personal data express a greater propensity to use privacy controls. Additionally, our research results show that online users’ propensity to use privacy controls is likely to be driven by the type of personal information they are willing to share. Furthermore, our findings show clearly that compensation is a factor to motivate online users in using privacy controls over data flows.
32 citations
Cites background from "The European data protection framew..."
...consumer empowerment suggests that it is important for users to take action with respect to the management of their private information (Wu et al., 2011; Fife and Orjuela, 2012; Reding, 2012)....
[...]
01 Jan 2017
TL;DR: The paper argues that the uncontrolled use of the data commons will ultimately result in a number of the commons problems, and elaborates on the two problems in particular: disempowerment of the individual vis-a-vis the Information Industry, and the enclosure of data by a few Information Industry actors.
Abstract: The promises of Big Data Analytics in the area of health are grand and tempting. Access to the large pools of data, much of which is personal, is said to be vital if the Big Data health initiatives are to succeed. The resulting rhetoric is of data sharing . This contribution exposes ‘the other side’ of data sharing which often remains in the dark when the Information Industry and researchers advocate for more relaxed rules of data access: namely, the paper frames the issue of personal data use in terms of the commons , a resource shared by a group of appropriators and therefore subject to social dilemmas. The paper argues that the uncontrolled use of the data commons will ultimately result in a number of the commons problems, and elaborates on the two problems in particular: disempowerment of the individual vis-a-vis the Information Industry, and the enclosure of data by a few Information Industry actors. These key message is: if one chooses to approach data as commons and advocates data use for common good , one should also account for the commons problems that come with such sharing.
17 citations
Dissertation•
01 Jun 2016
TL;DR: The findings from the analysis of survey data show that big data and data protection support each other, but also that some frictions can emerge around data collection and data fusion.
Abstract: The increasing availability of electronic records and the expanded reliance on online communications and services have made available a huge amount of data about people’s behaviours, characteristics, and preferences Advancements in data processing technology, known as big data, offer opportunities to increase organisational efficiency and competitiveness Analytically sophisticated companies excel in their ability to extract value from the analysis of digital data However, in order to exploit the potential economic benefits produced by big data and analytics, issues of data privacy and information security need to be addressed In Europe, organisations processing personal data are being required to implement basic data protection principles, which are considered difficult to implement in big data environments Little is known in the privacy studies literature about how companies manage the trade-off between data usage and data protection This study contributes to explore the corporate data privacy environment, by focusing on the interrelationship between the data protection legal regime, the application of big data analytics to achieve corporate objectives, and the creation of an organisational privacy culture It also draws insights from surveillance studies, particularly the idea of dataveillance, to identify potential limitations of the current legal privacy regime The findings from the analysis of survey data show that big data and data protection support each other, but also that some frictions can emerge around data collection and data fusion The demand for the integration of different data sources poses challenges to the implementation of data protection principles However, this study finds no evidence that data protection laws prevent data gathering Implications relevant for the debate on the reform of European data protection law are also drawn from these findings
17 citations
Cites background from "The European data protection framew..."
...Commentators in favour of the new regulation believe that data protection law had to be strengthened in order to safeguard data subjects’ rights (Reding 2012, CL&SR 2013)....
[...]
TL;DR: While a considerable improvement and major step forward for the protection of personal data in its field, the Directive is unlikely to mend the fragmented legal framework and achieve the intended high level of data protection standards consistent across European Union member states.
10 citations