The European Union approach to data protection consists of assessing the adequacy of the data protection offered by the laws of a particular jurisdiction against a set of principles that includes purpose limitation, transparency, quality, proportionality, security, access, and rectification. The EU's Data Protection Directive sets conditions on the transfer of data to third countries by prohibiting Member States from transferring to such countries as have been deemed inadequate in terms (...) of the data protection regimes. In theory, each jurisdiction is evaluated similarly and must be found fully compliant with the EU's data protection principles to be considered adequate. In practice, the inconsistency with which these evaluations are made presents a hurdle to international data-sharing and makes difficult the integration of different data-sharing approaches; in the 20 years since the Directive was first adopted, the laws of only five countries from outside of the EU, Economic Area, or the European Free Trade Agreement have been deemed adequate to engage in data transfers without the need for further administrative safeguards. (shrink)

The General Data Protection Regulation is a European Union regulation that will replace the existing Data Protection Directive on 25 May 2018. The most significant change is a huge increase in the maximum fine that can be levied for breaches of the regulation. Yet fewer than half of UK companies are fully aware of GDPR—and a number of those who were preparing for it stopped doing so when the Brexit vote was announced. A (...) last-minute rush to become compliant is therefore expected, and numerous companies are starting to offer advice, checklists and consultancy on how to comply with GDPR. In such an environment, artificial intelligence technologies ought to be able to assist by providing best advice; asking all and only the relevant questions; monitoring activities; and carrying out assessments. The paper considers four areas of GDPR compliance where rule based technologies and/or machine learning techniques may be relevant: Following compliance checklists and codes of conduct; Supporting risk assessments; Complying with the new regulations regarding technologies that perform automatic profiling; Complying with the new regulations concerning recognising and reporting breaches of security. It concludes that AI technology can support each of these four areas. The requirements that GDPR state for explanation and justification of reasoning imply that rule-based approaches are likely to be more helpful than machine learning approaches. However, there may be good business reasons to take a different approach in some circumstances. (shrink)

The treaty of Lisbon makes European Union (EU) accession to the European Convention on Human Rights (ECHR) an obligation of result. The issue has been intensely discussed for more than thirty years, arguing that such accession is necessary in view of the need to ensure the ECHR standard of fundamental rights protection in Europe. This question again gains prominence as the EU member states and the institutions seek to agree on the negotiation directives of EU accession (...) to the ECHR. The process brings up the difficulties involved in creating a mechanism which would both facilitate the autonomy of the EU legal order and enable individuals to bring claims against the EU to the European Court of Human Rights (ECtHR). This involves the questions how it would be possible to ensure quick access to justice, and whether the ECtHR would continue to apply the doctrine of equivalent protection in relation to EU even after the latter becomes bound by the ECHR. The article argues that EU accession to the Convention is a prominent political step ensuring coherence of human rights protection mechanism in Europe. (shrink)

The establishment of the Common European Asylum System by 2012 remains a key policy objective for the European Union. According to the Council of the European Union, the development of a Common Asylum Policy should be based on a full and inclusive application of the 1951 Geneva Convention Relating to the Status of Refugees and other relevant international treaties. In the European Pact on Immigration and Asylum attention is brought to the persistence of wide (...) disparities amongst Member States in the granting of protection and the form of protection granted. This is seen as one of the main problems to be addressed in building the CEAS. It is fairly obvious that existing divergences in policy have a substantial impact upon the aims of the CEAS. It can be assumed that the difference in governmental practices involving recognizing asylum seekers on refugee grounds or subsidiary protection grounds may be a substantial factor in the decision-making process on where to apply for international protection. The European Commission stressed the importance, during the second phase of the CEAS, of paying particular attention to subsidiary and other forms of protection. (shrink)

The 1951 Convention Relating to the Status of Refugees and the 1967 Protocol Relating to the Status of Refugees embody fundamental provisions of refugee law. However, since the adoption of these documents the world has changed dramatically and the laws are not developing fast enough in order to catch up with dynamically changing contemporary situations. The application and interpretation of definition of a refugee was developed through traditional practice of Western states, which was influenced by two world wars and the (...) Cold War, when refugees from Africa or Asia were uncommon. The Qualification Directive specifically aims at ensuring that the member states apply common qualification criteria for persons who need international protection in line with the 1951 Convention Relating to the Status of Refugees. The author supports the statement that the Qualification Directive in principle aims at bringing back under the definition of refugee those, who have been left outside of its scope during the last decades as a result of the restrictive interpretation and application of the definition of refugee. (shrink)

As a technique of social control based on the collection of information, surveillance has been a central instrument of any administrative power since the modern era. Surveillance, however, can be carried out in different ways and these can provide important information on the basic features of a particular political system. Indeed, the introduction of surveillance measures has an impact on key relationships of a political system, such as liberty and security, autonomy and authority. When a political system is, like the (...) European Union (EU), in a dynamic and build-up phase, by analysing its surveillance practices one can even discern the trajectories of its developments. The paper analyses two surveillance measures in the EU: the Schengen Information System (SIS) and the Directive 2006/24/EC on data retention. It puts forth the argument that the reference to security as a value enables the EU to compensate its legitimacy deficiencies and to develop into a power system characterised by a more supranational structure than before. (shrink)

Biobanking in Europe has made major steps towards harmonization and shared standards for the collection and processing of data and samples stored in biobanks. Still, biobanks and researchers face substantial legal difficulties in the field of data protection and sample management. Data protection law was harmonized almost 15 years ago while rights in samples fall under the competence of the Member States of the EU. Despite the Data Protection Directive the field of (...) data protection shows a substantial degree of deviation as public health was excluded from the harmonization. Biobanks seem to have substantially fewer difficulties to cope with in terms of the legal requirements in the field of sample management. This paper discusses the legal framework, experiences of different biobanks in Europe and potential ways forward. It also highlights the need for a health economic analysis of the costs and benefits of privacy protection in Europe. At the moment, policymakers seem to build their decisions on an insufficient evidence base which underestimates the potential value of biobanks for European public health. Within the past few years little progress has been achieved with regards to the development of a unified legal framework in Europe, The diversity in the legal system is also reflected in the different approaches of ethics committees towards biobanking. To secure the responsible and effective use of data and samples, more efforts are needed to come up with pathways for a solution. (shrink)

Biobanking in Europe has made major steps towards harmonization and shared standards for the collection and processing of data and samples stored in biobanks. Still, biobanks and researchers face substantial legal difficulties in the field of data protection and sample management. Data protection law was harmonized almost 15 years ago while rights in samples fall under the competence of the Member States of the EU. Despite the Data Protection Directive the field of (...) data protection shows a substantial degree of deviation as public health was excluded from the harmonization. Biobanks seem to have substantially fewer difficulties to cope with in terms of the legal requirements in the field of sample management. This paper discusses the legal framework, experiences of different biobanks in Europe and potential ways forward. It also highlights the need for a health economic analysis of the costs and benefits of privacy protection in Europe. At the moment, policymakers seem to build their decisions on an insufficient evidence base which underestimates the potential value of biobanks for European public health. Within the past few years little progress has been achieved with regards to the development of a unified legal framework in Europe, The diversity in the legal system is also reflected in the different approaches of ethics committees towards biobanking. To secure the responsible and effective use of data and samples, more efforts are needed to come up with pathways for a solution. (shrink)

This book examines the role of the EU in ensuring privacy and data protection on the internet. It describes and demonstrates the importance of privacy and data protection for our democracies and how the enjoyment of these rights is challenged by, particularly, big data and mass surveillance. The book takes the perspective of the EU mandate under Article 16 TFEU. It analyses the contributions of the specific actors and roles within the EU framework: the judiciary, (...) the EU legislator, the independent supervisory authorities, the cooperation mechanisms of these authorities, as well as the EU as actor in the external domain. Article 16 TFEU enables the Court of the Justice of the EU to play its role as constitutional court and to set high standards for fundamental rights protection. It obliges the European Parliament and the Council to lay down legislation that encompasses all processing of personal data. It confirms control by independent supervisory authorities as an essential element of data protection and it gives the EU a strong mandate to act in the global arena. The analysis shows that EU powers can be successfully used in a legitimate and effective manner and that this subject could be a success story for the EU, in times of widespread euroskepsis. It demonstrates that the Member States remain important players in ensuring privacy and data protection. In order to be a success story, the key stakeholders should be prepared to go the extra mile, so it is argued in the book. The book is based on academic research for which the author received a double doctorate at the University of Amsterdam and the Vrije Universiteit Brussels. It builds on a long inside experience within the European institutions, as well as within the community of data protection and data protection authorities. It is a must read in a time where the setting of EU privacy and data protection is changing dramatically, not only as a result of the rapidly evolving information society, but also because of important legal developments such as the entry into force of the General Data Protection Regulation. This book will appeal to all those who are in some way involved in making this regulation work. It will also appeal to people interested in the institutional framework of the European Union and in the role of the Union of promoting fundamental rights, also in the wider world.. (shrink)

After the full-scale invasion of the Russian Federation into Ukraine, the flow of forced migration from Ukraine has significantly increased as people tried to protect their lives and find a safe place to live. Given that Ukraine shares the external border with the European Union, most people sought protection precisely in the Member States of the European Union. The study aims to analyze the features of the legal regulation of the provision of temporary protection (...) in the European Union and determine the reasons and conditions that led to its activation after the full-scale invasion of the Russian Federation into Ukraine on February 24, 2022. The leading method of the research was the method of systematic analysis, which helped define temporary protection as a multifaceted phenomenon and determine the reasons and conditions that led to its activation in the European Union after the full-scale invasion of the Russian Federation into Ukraine on February 24, 2022. In order to regulate the mass influx of Ukrainian displaced persons, the European Union has activated the mechanisms of temporary protection, which is an emergency mechanism introduced by a decision of the Council of the European Union. The status of a person with temporary protection provides certain rights analyzed in the article. Thus, the activation by the European Union of the Temporary Protection Directive is a justified and appropriate measure to protect the mass influx of displaced persons from Ukraine. (shrink)

BackgroundData processing of health research databases often requires a Data Protection Impact Assessment to evaluate the severity of the risk and the appropriateness of measures taken to comply with the European Union General Data Protection Regulation. We aimed to define and apply a comprehensive method for the evaluation of privacy, data governance and ethics among research networks involved in the EU Project Bridge Health.MethodsComputerised survey among associated partners of main EU Consortia, using a (...) targeted instrument designed by the principal investigator and progressively refined in collaboration with an international advisory panel. Descriptive measures using the percentage of adoption of privacy, data governance and ethical principles as main endpoints were used for the analysis and interpretation of the results.ResultsA total of 15 centres provided relevant information on the processing of sensitive data from 10 European countries. Major areas of concern were noted for: data linkage, access and accuracy of personal data and anonymisation procedures. A high variability was noted in the application of privacy principles.ConclusionsA comprehensive methodology of Privacy and Ethics Impact and Performance Assessment was successfully applied at international level. The method can help implementing the GDPR and expanding the scope of Data Protection Impact Assessment, so that the public benefit of the secondary use of health data could be well balanced with the respect of personal privacy. (shrink)

The European Union Data Protection Regulation will have profound implications for public health, health services research and statistics in Europe. The EU Commission's Proposal was a breakthrough in balancing privacy rights and rights to health and healthcare. The European Parliament, however, has proposed extensive amendments. This paper reviews the amendments proposed by the European Parliament Committee on Civil Liberties, Justice and Home Affairs and their implications for health research and statistics. The amendments eliminate most (...) innovations brought by the Proposal. Notably, derogation to the general prohibition of processing sensitive data shall be allowed for public interests such as the management of healthcare services, but not health research, monitoring, surveillance and governance. The processing of personal health data for historical, statistical or scientific purposes shall be allowed only with the consent of the data subject or if the processing serves an exceptionally high public interest, cannot be performed otherwise and is legally authorised. Research, be it academic, government, corporate or market research, falls under the same rule. The proposed amendments will make difficult or render impossible research and statistics involving the linkage and analysis of the wealth of data from clinical, administrative, insurance and survey sources, which have contributed to improving health outcomes and health systems performance and governance; and may illegitimise efforts that have been made in some European countries to enable privacy-respectful data use for research and statistical purposes. If the amendments stand as written, the right to privacy is likely to override the right to health and healthcare in Europe. (shrink)

The EU offers a suitable milieu for the comparison and harmonisation of healthcare across different languages, cultures, and jurisdictions, which could provide improvements in healthcare standards across the bloc. There are specific ethico-legal issues with the use of data in healthcare research that mandate a different approach from other forms of research. The use of healthcare data over a long period of time is similar to the use of tissue in biobanks. There is a low risk to subjects (...) but it is impossible to gain specific informed consent given the future possibilities for research. Large amounts of data on a subject present a finite risk of re-identification. Consequently, there is a balancing act between this risk and retaining sufficient utility of the data. Anonymising methods need to take into account the circumstances of data sharing to enable an appropriate balance in all cases. There are ethical and policy advantages to exceeding the legal requirements and thereby securing the social licence for research. This process would require the examination and comparison of data protection laws across the trading bloc to produce an ethico-legal framework compatible with the requirements of all member states. Seven EU jurisdictions are given consideration in this critique. (shrink)

The purpose of this article is to analyze the constitutional considerations of the possibility of establishing the Ombudsman as a body to receive reports of violations of the law under the authority of Directive Directive (EU) 2019/1937 of the European Parliament and of the Council of October 23, 2019 on the protection of whistleblowers. The results of the research lead to the conclusion of the possible admissibility of such a solution, but with the need for appropriate (...) system changes. However, the author recommends entrusting this competence to a newly created body. (shrink)

Clinical biobanks processing data of participants in the European Union fall under the scope of the General Data Protection Regulation, which among others includes requirements for consent. These requirements are further specified by the Article 29 Working Party —an EU advisory body currently known as the European Data Protection Board. Unfortunately, their guidance is cause for some confusion. While the GDPR allows participants to give broad consent for research when specific research purposes (...) are still unknown, the WP29 guidelines suggest that additional consent for specific uses should be obtained in addition to broad consent when this becomes applicable. This discrepancy elicits the question whether clinical biobanks can fail the requirement of consent if they obtain broad consent, but not a specific consent for each biomedical study. We analysed this discrepancy within the framework of contextual integrity, in order to describe the context-relative informational norms that govern information flows in clinical biobanks. However, our analysis demonstrates that there is no uniform set of norms that can be applied to all clinical biobanks. As such, neither the GDPR nor the WP29 guidance can act as a “one size fits all” approach to all clinical biobanks. Rather, differences between clinical biobanks—especially regarding the scientific aims and patient populations—make the case for context-relative norms that determine the appropriate type of consent. (shrink)

Clicks, comments, transactions, and physical movements are being increasingly recorded and analyzed by Big Data processors who use this information to trace the sentiment and activities of markets and voters. While the benefits of Big Data have received considerable attention, it is the potential social costs of practices associated with Big Data that are of interest to us in this paper. Prior research has investigated the impact of Big Data on individual privacy rights, however, there is (...) also growing recognition of its capacity to be mobilized for surveillance purposes. Our paper delineates the underlying issues of privacy and surveillance and presents them as in tension with one another. We postulate that efforts at controlling Big Data may create a trade-off of risks rather than an overall improvement in data protection. We explore this idea in relation to the principles of the European Union’s General Data Protection Regulation as it arguably embodies the new ‘gold standard’ of cyber-laws. We posit that safeguards advocated by the law, anonymization and pseudonymization, while representing effective counter measures to privacy concerns, also incentivize the use, collection, and trade of behavioral and other forms of de-identified data. We consider the legal status of these ownerless forms of data, arguing that data protection techniques such as anonymization and pseudonymization raise significant concerns over the ownership of behavioral data and its potential use in the large-scale modification of activities and choices made both on and offline. (shrink)

Private companies are data-rich. But market pressures to collect more, store more, and analyze more consumer data can often make them ethically bankrupt in the way of proactively protecting consume...

In 2009, with the enactment of the Lisbon Treaty, the Charter of Fundamental Rights of the European Union entered into force. Under Article 8 of the Charter, for the first time, a stand-alone fundamental right to data protection was declared. The creation of this right, standing as a distinct right to the right to privacy, is undoubtedly significant, and it is unique to the European legal order, being absent from other international human rights instruments. This (...) commentary examines the parameters of this new right to data protection, asking what are the principles underpinning the right. It argues that the right reflects some key values inherent in the European legal order, namely: privacy, transparency, autonomy and nondiscrimination. It also analyses some of the challenges in implementing this right in an era of ubiquitous veillance practices and Big Data. (shrink)

Solutions to the problem ofprotecting informational privacy in cyberspacetend to fall into one of three categories:technological solutions, self-regulatorysolutions, and legislative solutions. In thispaper, I suggest that the legal protection ofthe right to online privacy within the USshould be strengthened. Traditionally, inidentifying where support can be found in theUS Constitution for a right to informationalprivacy, the point of focus has been on theFourth Amendment; protection in this contextfinds its moral basis in personal liberty,personal dignity, self-esteem, and othervalues. On the (...) other hand, the constitutionalright to privacy first established by Griswoldv. Connecticut finds its moral basis largelyin a single value, the value of autonomy ofdecision-making. I propose that an expandedconstitutional right to informational privacy,responsive to the escalating threats posed toonline privacy by developments in informationaltechnology, would be more likely to find asolid moral basis in the value of autonomyassociated with the constitutional right toprivacy found in Griswold than in the varietyof values forming the moral basis for the rightto privacy backed by the Fourth Amendment. (shrink)

Given recent technological advances, we now are able to invade personal privacy as never before. The challenge in the business community is to make the most of the opportunities presented by the growth in communication technology while, at the same time, protecting what remains of individual privacy. The conflict between technological advances and privacy concerns is not new, but it has grown exponentially in recent years, and the development of a data protection scheme in the European (...) class='Hi'>Union lends a certain economic urgency to meeting the challenge.Pursuant to a Directive adopted by the European Union, privacy protections throughout the EU must become more stringent and consistent throughout EU member countries. One area of great concern to the United States is the Directive's requirement for certain minimum standards of privacy protection in countries receiving information from member countries. Given the limited protections available in the United States, it does not appear that the United States meets these minimum standards. The purpose of this paper is to critically analyze the existing measurements of global privacy protections and to propose a new model which allows for their comparative evaluation. (shrink)

Although the Internet is frequently referred to as a global public resource, its functioning remains predominantly controlled by private actors. The Internet brought about significant shifts in the way we conceptualize governance. In particular, the handling of “big data” by private intermediaries has a direct impact on routine practices and personal lives. The implementation of the “right to be forgotten” following the May 2014 decision of the Court of Justice of the European Union against Google blurs the (...) boundaries between the public and the private, and extends the responsibilities of the latter to court-style decision making. This article analyzes the regulatory developments in this area and the implications of outsourcing of important governance practices to private intermediaries. It looks at the decision-making process for the “right to be forgotten” to illustrate the extent to which the hybridization of such procedures results in new arrangements between public and private ordering in Internet governance. (shrink)

The emergence of a global industry of digital health platforms operated by Big Tech corporations, and its growing entanglements with academic and pharmaceutical research networks, raise pressing questions on the capacity of current data governance models, regulatory and legal frameworks to safeguard the sustainability of the health research ecosystem. In this article, we direct our attention toward the challenges faced by the European General Data Protection Regulation in regulating the potentially disruptive engagement of Big Tech platforms (...) in health research. The General Data Protection Regulation upholds a rather flexible regime for scientific research through a number of derogations to otherwise stricter data protection requirements, while providing a very broad interpretation of the notion of “scientific research”. Precisely the breadth of these exemptions combined with the ample scope of this notion could provide unintended leeway to the health data processing activities of Big Tech platforms, which have not been immune from carrying out privacy-infringing and socially disruptive practices in the health domain. We thus discuss further finer-grained demarcations to be traced within the broadly construed notion of scientific research, geared to implementing use-based data governance frameworks that distinguish health research activities that should benefit from a facilitated data protection regime from those that should not. We conclude that a “re-purposing” of big data governance approaches in health research is needed if European nations are to promote research activities within a framework of high safeguards for both individual citizens and society. (shrink)

On October 6, 2015, in Schrems v. Data Protection Commissioner, the European Court of Justice, the European Union's highest court, held that the fifteen-year-old Safe Harbor Framework Agreement with the United States was invalid. Under the agreement, about forty-five hundred American companies each year self-certified to the U.S. Department of Commerce that they were in compliance with the essential privacy protections of the European Union, and therefore it was permissible for entities in the (...) European Union to send personal data to these American companies. According to the court, because some American companies were making the personal data of E.U. citizens available to U.S. government agencies, such as the National Security Agency, the fundamental privacy interests of E.U. citizens were not being protected. As a result of this court decision there has been considerable speculation about what, if any, effect the case has on international collaboration in health research, in particular, the sharing of personal data by E.U. researchers with their U.S. colleagues. (shrink)

The presented paper focuses on the analysis of strategic documents at the level of the European Union concerning the regulation of artificial intelligence as one of the so-called disruptive technologies. In the first part of the article, we outline the basic terminology. Subsequently, we focus on the summarizing and systemizing of the key documents adopted at the EU level in terms of artificial intelligence regulation. The focus of the paper is devoted to issues of personal data (...) class='Hi'>protection and cyber security included in these strategic documents. The final part contains recommendations for future research and evaluation of its key features. (shrink)

Genetics is a biomedical science that investigates heredity, variability, occurrence of genetic diseases and their prevention. Genetic science has many fields of science, which deal with different genetic processes, methods, aspects and fields of application. The genetic research in Europe related to the individual as the main subject of the research is exposed to a wide range of ethical and legal issues. From the developments in genetic science other sciences have evolved, thanks to which the modern world is able to (...) protect the genetic information of data, and to receive the sanction while ignoring the laws of such data. However, many problems still persist in the field of protection of personal genetic information, such as regulatory standards, the inviolability of an individual, the assurance of freedom and privacy of information. This manuscript attempts to reveal the main aspects of genetic human data protection, to research conduct regulations, ethics and issues related to the protection of individuals, such as protection of privacy, discrimination, confidentiality, etc. The article mainly focuses on the Conventions and Protocols elaborated by the Council of Europe because of its role in bioethics and focus on human rights. The author examined the documents such as the Convention on Human Rights and Biomedicine, the Additional Protocol to the Convention on Human Rights and Biomedicine concerning Biomedical Research, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and others. Genetic discrimination is strictly forbidden by international conventions and declarations, which means that discrimination on the grounds of personal genetic information (diseases, abnormalities) is not possible in all areas, including employment and insurance. However, individuals face some problems in getting a job due to the publicity and information disclosure to their employers, or in increasing the amount of insurance premiums. However, the disclosure of genetic information may have relevant, statutory consequences and the victims may apply to court for defending these rights. It is essential to protect genetic rights, as any form of discrimination against a person on the grounds of their genetic heritage is prohibited and intervention in the health field or disclosure of such information is only possible after the person concerned has given their free and informed consent. (shrink)

Social policy is based, since its inception, on a certain “philosophy” regarding the desirable social model, encompassing religious, political and social values, as well as appropriate objectives and tools for protecting vulnerable target groups. This philosophy differs both geographically and historically. Thus, European social policies have a specific axiological foundation comparing to social models developed on other continents. Even if relatively stable, this foundation is continuously redefined and, therefore, the European social model is an evolving concept. Our paper (...) analyses how social vulnerability and vulnerable groups are redefined within the European social policies, during Covid-19 pandemic. If in recent decades the European social policies have tried to implement more selective and means-tested social protection, the approach to social protection during the pandemic is different, there are indications of increasing the universalisation of social benefits for covering new vulnerabilities. In our analysis, the pandemic accentuated some pre-existing trends to redefine the predilect target groups and their social protection: larger decommodification, protection for atypical employment, social security schemes covering new risks, and instruments for a new work-life balance. At the same time, European social protection policies tend towards synergy with actions in the fields of digitalisation and ecology. Are these changes temporary or will they last even after the pandemic? Of course, it is difficult to make predictions, but we believe that some of them anticipate possible structural reforms of more humane, less biopolitical European social protection policies. Our analysis is based on data from social statistics, official documents and public speeches. (shrink)

RESUMEN: En la era de las tecnologías digitales, el Derecho se enfrenta al objetivo de afrontar la protección de los datos personales en un universo global donde las fronteras se diluyen y el principio de territorialidad ha dejado de tener aplicación. Este trabajo pretende plantear el reto que supone, para el ordenamiento jurídico español, la adaptación a la nueva regulación europea en esta materia.ABSTRACT: At the digital´s technologies age, Law faces with the aim to address the personal data (...) class='Hi'>protection in a global universe where blurring the borders, and the territoriality principle has ceased to be applied. This paper aims to poset he challenge that supposes, to the Spanish legal system, the adaptation to the new European Union regulation on this matter.PALABRAS CLAVE: universo digital, protección de datos personales, reglamento europeo, constitución española, conflictos de competenciaKEYWORDS: digital universe, personal data protection, european regulation, spanish constitution, competence´s conflicts. (shrink)

Approximately twenty years after it was necessary to fight for human rights, the time came when it was necessary to do it again. Or to begin at the very least to protect them very strongly and thoroughly in a preventive manner. Other methods and means will revert to time when human rights were formally anchored but their material establishment is not yet realized, or not at least to the extent expected corresponding to their real substance. The beginning of the 90’s (...) in Central and Eastern Europe was a success in that human rights began to be looked on as natural, forming the basis of democratic State respecting the rule of law. Today we are increasingly more often encountering the reality that human rights, on the contrary, to the same extent that they have been able to be established, they are losing in value. The biggest danger consists in the fact that limiting of human rights often is attended by silence, without wider public discussion or deliberations. The lack of qualified discussion during the limiting of human rights by way of laws and implementing regulations is however a systemic problem. Correction of its results can be often very complex and doing away with the causes a long term effort. It is dependent on the quality of representative democracy and of the civil society as well. This article is devoted to problem of implementation of evidence of data accompanying telecommunications traffic, the so-called data retention, and in its development from lack of legal regulation to roughly unconstitutional legal regulation and finally to hope for a reasonably constitutional solution. (shrink)

Organizations such as multinational corporations are the most important form of business globally. The defining role on the world economy could be seen at the onset of the financial crisis of 2008, but also in the recent events related to the Covid-19 pandemic, when corporations transformed their production lines to respond to the need for protective equipment for the frontline workers in the health system, but also for the broader population. Through Foreign Direct Investment, multinational corporations make a positive impact (...) on economies around the world. In addition to contributing to the local development of areas where they setup subsidiaries, multinational corporations are a form of integration of a local economy into the global economy. In the Romanian economy, multinational corporations play a decisive role, representing the companies with the highest turnover, but also the most desired employers for those looking for a job. (shrink)

Introduction The paradigm shift to a knowledge‐based economy has incremented the use of personal information applied to health‐related activities, such as biomedical research, innovation, and commercial initiatives. The convergence of science, technology, communication and data technologies has given rise to the application of big data to health; for example through eHealth, human databases and biobanks. Methods In light of these changes, we enquire about the value of personal data and its appropriate use. In order to illustrate the (...) complex ground on which big data applied to health develops, we analyse the current situation of the European Union and two cases: the Catalan VISC+/PADRIS and the UK Biobank, as perspectives. Discussion and conclusions Personal health‐related data in the context of the European Union is being increasingly used for big data projects under diverse schemes. There, public and private sectors participate distinctively or jointly, pursuing very different goals which may conflict with individual rights, notably privacy. Given that, this paper advocates for stopping the unjustified accumulation and commercialisation of personal data, protecting the interests of citizens and building appropriate frameworks to govern big data projects for health. A core tool for achieving such goals is to develop consent mechanisms which allow truly informed but adaptable consent, conjugated with the engagement of donors, participants and society. (shrink)

Even though the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) does not explicitly address the rights of asylum seekers and refugees, the case law of the European Human Rights Court (ECtHR) confirms that their rights can be successfully defended under this mechanism. In parallel, in its evolving jurisprudence on asylum the Court of Justice of the European Union (CJEU) refers to the Strasbourg case law, where there is a certain interrelationship between these (...) two jurisdictions, in particular given the recent ECtHR pronouncement on “EU Dublin transfers”. The article aims at evaluating protection available for asylum seekers and refugees under the ECHR, while comparing it with protection of asylum relevant fundamental rights under the EU legal order and the most recent jurisprudence of the CJEU in asylum cases. The authors also analyze which of the two systems is more favourable and what are their limitations. Thus, the article offers to students and practitioners a detailed analysis of ECtHR and CJEU jurisprudence in asylum cases through a comparative perspective, as well as the key problematic aspects arising in both jurisdictions and their junction. The jurisprudence of the ECtHR reveals that despite the most developed protection from expulsion under Article 3 of the ECHR, it does not sufficiently secure status for the concerned persons. Effective remedy requirements under the ECHR allow for filling the gaps of national asylum procedures, while recognition of vulnerability and special status of asylum seekers by the ECtHR assist in addressing still commonly prevailing detention problems of asylum seekers in Europe. In the context of family protection, the recognition of positive obligations by states to reunite the refugee families is still rudimentary, thus, clearly Article 3 protection in expulsion cases takes over Article 8. At the same time, the jurisprudence of the CJEU in asylum cases is still inconsistent, as the court sometimes takes decisions without including human rights into its’ analysis (Kadzoev, Arslan, K.), while in other cases refers to the Charter (MA and others), verifies if its’ own decision is in line with the ECtHR jurisprudence (Elgafaji) or shapes secondary legislation in line with Strasbourg arguments and findings (N.S.). Quite likely, the ECtHR practice will have an important influence on the developments of subsidiary protection in the EU, at least in the context of Articles 2 and 3 of the ECHR, and serve as an important reference for interpretation of various concepts under the EU Qualification and Procedures Directives. The comparative analysis of pros and cons of the two mechanisms demonstrates that the main advantage of the ECtHR is individual justice possibility, which is not yet accessible under CJEU preliminary judgement procedure and its input in developing asylum law concepts, such as non-state agents of persecution, internal protection or even subsidiary protection regime under EU asylum law. Thanks to the ECtHR, the realistic possibility to question the application of certain EU norms has emerged (Dublin Regulation). While the ECtHR does not have such a specific competence over asylum issues as the CJEU and is clearly a slow and seriously overburdened mechanism, the pilot judgement procedure seems to be increasingly capable of providing guidelines to the states concerning systematic problems in their asylum procedures. Thus, both jurisdictions in their own ways contribute to strengthening asylum seekers’ protection while forming a common oasis for these individuals in Europe. (shrink)

Before the EU General Data Protection Regulation entered into force in May 2018, we witnessed an intense struggle of actors associated with data-dependent fields of science, in particular health-related academia and biobanks striving for legal derogations for data reuse in research. These actors engaged in a similar line of argument and formed issue alliances to pool their collective power. Using descriptive coding followed by an interpretive analysis, this article investigates the argumentative repertoire of these actors and (...) embeds the analysis in ethical debates on data sharing and biobank-related data governance. We observe efforts to perform a paradigmatic shift of the discourse around the General Data Protection Regulation-implementation away from ‘protecting data’ as key concern to ‘protecting health’ of individuals and societies at large. Instead of data protection, the key risks stressed by health researchers became potential obstacles to research. In line, exchange of information with data subjects is not a key concern in the arguments of biobank-related actors and it is assumed that patients want ‘their’ data to be used. We interpret these narratives as a ‘reaction’ to potential restrictions for data reuse and in line with a broader trend towards Big Data science, as the very idea of biobanking is conceptualized around long-term use of readily prepared data. We conclude that a sustainable implementation of biobanks needs not only to comply with the General Data Protection Regulation, but must proactively re-imagine its relation to citizens and data subjects in order to account for the various ways that science gets entangled with society. (shrink)

This paper explores some key discrepancies between two sets of normative requirements applicable to the research use of personal data and human biological materials: the data protection regime which follows the application of the European Union General Data Protection Regulation, and the Declaration of Helsinki, CIOMS guidelines and other research ethics regulations. One source of this controversy is that the GDPR requires consent to process personal data to be clear, concise, specific and (...) granular, freely given and revocable and therefore has challenged the concept of ‘broad consent’, which has been widely applied in the context of biobanking. Another source of controversy is the interplay between regulations of research ethics and protection of personal data related to the secondary use of personal data and biological materials. In this case, the GDPR ‘research condition’ provides an alternative to re-consent for the use of previously collected personal data and biological materials. Although the mentioned controversies have been raised in the legal literature, they have not been explicitly addressed from the research ethics perspective. Should consent be regarded as a priority legal basis for personal data processing in health data research? Can broad consent still be a suitable legal ground for biobanking? What should be the role of research ethics provisions that differ from the GDPR standards, and what should be the role and function of research ethics committees in the changing environment of health data research? These are the ongoing controversies to be explored in the paper. (shrink)

Both the European Union and the Council of Europe have a bearing on privacy in genomic databases and biobanking. In terms of legislation, the processing of personal data as it relates to the right to privacy is currently largely regulated in Europe by Directive 95/46/EC, which requires that processing be “fair and lawful” and follow a set of principles, meaning that the data be processed only for stated purposes, be sufficient for the purposes of the (...) processing, be kept only for so long as is necessary to achieve those purposes, and be kept securely and only in an identifiable state for such time as is necessary for the processing. The European privacy regime does not require the de-identification of personal data used in genomic databases or biobanks, and alongside this practice informed consent as well as governance and oversight mechanisms provide for the protection of genomic data. (shrink)

Industrialization laid the foundation for contemporary civilization but also begot environmental problems, which have been building up and remained unsolved to this day. There is widespread belief that, if industrial manufacturing lies at the root of environment degradation through endless spewing of residual waste, trade among nations is to blame for scattering residual waste the world over. Yet paradoxically, it is the very international trade that might be the ground for major remedies thereto. The 20th century witnessed the shift from (...) free trade to fair trade; it is about time to shift from fair trade to clean trade. Nevertheless, such serious problems had barely been dealt with until the post-World War II period. An awareness-raising effort in this line was made by the European Union which, since the early 1970s, has been dealing with environmental and social issues, especially the ones deriving from international trade, in a decisive and responsible manner. Still, EU’s new policy in the field of environment protection has a downside in that it affects trade relations with partners from outside the Union, both developing and developed countries, thereby drawing fierce international reaction. The good part is that EU’s actions will most likely prompt other nations to follow suit. (shrink)

Once upon a time, they managed to bring Neverland into the bedrooms; they were seen as the heroes of a new era. However, as heroes always tend to walk a fine line between good and evil, it does not come as a surprise that a decade later the perception has dramatically changed; the fairy tale turned into a nightmare. Are Internet Service Providers (ISPs) no more than data-guzzling monsters that need to be tamed? In November, the European Commission (...) published a “Comprehensive approach on personal data protection in the European Union” which seems to nod approval. The approach seeks to strengthen the individual’s rights regarding the use of data by ISPs. The Commission notes that children deserve specific protection in this context due to the fact that their awareness of risks and consequences is usually underdeveloped. Both a general principle of transparent processing and specific obligations for data controllers regarding the type of information to be provided and the modalities for providing it had to be taken into account. Not only legal but also self-regulatory initiatives should contribute to a better enforcement of data protection rules. This approach is both applauded and heavily criticized by the European Data Protection Supervisor. In particular, he argues that children’s particular interests have not been sufficiently addressed presenting a long list of suggestions for improvement including specific provisions against behavioral advertising, the exclusion of some data categories, an age threshold or special requirements on the issue of informed consent and a reinforcement of data controllers’ accountability. Is there really a need for a new magic formula? This paper reviews the current options for addressing the challenges of the use of personal data of minors by ISPs. (shrink)

This article extends property-owning democracy to the digital realm and introduces “data-owning democracy,” a new political economic regime characterized by the wide distribution of data as capital among citizens. Drawing on republican theory and acknowledging data's unique role in the digital economy, it proposes a two-tier model that combines different modes of data ownership and corresponding rights. The first layer of “data-owning democracy” is characterized by a digital public infrastructure that enables citizens to collectively generate (...) data and have a say in how their citizen data are used. In the second layer, individuals automatically receive machine-readable copies of their data whenever they are generated—a slightly more advanced form of the European Union's existing right to data portability (Art. 20). With its focus on empowerment, data-owning democracy is designed to be complementary to existing data protection regulations. It also illustrates how political theory more broadly, and republican theory specifically, can be instructive for specifying the normative components of a new political economy dealing with questions of empowerment and digital rights. (shrink)

The first few years of the 21st century were characterised by a progressive loss of privacy. Two phenomena converged to give rise to the data economy: the realisation that data trails from users interacting with technology could be used to develop personalised advertising, and a concern for security that led authorities to use such personal data for the purposes of intelligence and policing. In contrast to the early days of the data economy and internet surveillance, the (...) last few years have witnessed a rising concern for privacy. As bad data practices have come to light, citizens are starting to understand the real cost of using online digital technologies. Two events stamped 2018 as a landmark year for privacy: the Cambridge Analytica scandal, and the implementation of the European Union’s General Data Protection Regulation (GDPR). The former showed the extent to which personal data has been shared without data subjects’ knowledge and consent and many times for unacceptable purposes, such as swaying elections. The latter inaugurated the beginning of robust data protection regulation in the digital age. Getting privacy right is one of the biggest challenges of this new decade of the 21st century. The past year has shown that there is still much work to be done on privacy to tame the darkest aspects of the data economy. As data scandals continue to emerge, questions abound as to how to interpret and enforce regulation, how to design new and better laws, how to complement regulation with better ethics, and how to find technical solutions to data problems. The aim of the research project Data, Privacy, and the Individual is to contribute to a better understanding of the ethics of privacy and of differential privacy. The outcomes of the project are seven research papers on privacy, a survey, and this final report, which summarises each research paper, and goes on to offer a set of reflections and recommendations to implement best practices regarding privacy. (shrink)

The paper examines the connection between online security and the protection of civil rights from a legal viewpoint, that is, considering the different types of rights and interests that are at stake in national and international law and whether, and to what extent, they concern matters of balancing. Over the past years, the purpose of several laws, and legislative drafts such as ACTA, has been to impose “zero-sum games”. In light of current statutes, such as HADOPI in France, or (...) Digital Economy Act in UK, the paper intends to illustrate how more satisfactory solutions are feasible in the field of online security, such as the new “Police and Criminal Justice Data Protection Directive” that the European Commission presented in January 2012. At least in Western legal systems, it should be clear that either civil rights prevail over security (no balancing), or such balance has to satisfactorily protect individual rights (proportionality). (shrink)

This book on privacy and data protection offers readers conceptual analysis as well as thoughtful discussion of issues, practices, and solutions. It features results of the seventh annual International Conference on Computers, Privacy, and Data Protection, CPDP 2014, held in Brussels January 2014. The book first examines profiling, a persistent core issue of data protection and privacy. It covers the emergence of profiling technologies, on-line behavioral tracking, and the impact of profiling on fundamental rights (...) and values. Next, the book looks at preventing privacy risks and harms through impact assessments. It contains discussions on the tools and methodologies for impact assessments as well as case studies. The book then goes on to cover the purported trade-off between privacy and security, ways to support privacy and data protection, and the controversial right to be forgotten, which offers individuals a means to oppose the often persistent digital memory of the web. Written during the process of the fundamental revision of the current EU data protection law by the Data Protection Package proposed by the European Commission, this interdisciplinary book presents both daring and prospective approaches. It will serve as an insightful resource for readers with an interest in privacy and data protection. (shrink)

A European Union counter-terrorism strategy was devised in 2005.1 Of its four strands—prevent, pursue, protect, and respond—only two have a direct connection with policing. Perhaps surprisingly, th...

Whistleblowing can be defined as the internal or external reporting of violations and abuses of law. The protection and promotion of whistleblowing is extremely important both in the level of the European Union and the Member States. It is also well demonstrated by the fact, that the European Union has adopted a Directive in 2019 on the protection of persons who report breaches of Union law which the Member States also has to (...) implement to their national legal system. Although whistleblowing can be analyses from several points of view, this paper only focuses on its legal aspects. The objective of the article is to present the legal requirements of the European Union and the Hungarian regulation. In this context, the paper aims to analyse how successful was the implementation of the Directive into the Hungarian legal system. (shrink)

Should the EU be a federal union or an intergovernmental forum? Recently, demoicrats have been arguing that there exists a third alternative. The EU should be conceived as a demoicracy, namely a ‘Union of peoples who govern together, but not as one’. The demoi of Europe recognise that they affect one another’s democratic health, and hence establish a union to guarantee their freedom qua demoi – which most demoicrats cash out as non-domination. This is more than intergovernmentalism, (...) because the demoi govern together on these matters. However, if the union aims at protecting the freedom of the different European demoi, it cannot do so by replacing them with a ‘superdemos’, as federalists want. This paper argues that demoicracy does possess distinctive normative features; it claims, however, that an institutional choice between intergovernmentalism and federalism is necessary. Depending on how we interpret what the non-domination of demoi requires, demoicracy will either ground a specific way of practicing intergovernmentalism or a specific form of federalism. It cannot, however, ground an institutional model which is genuinely alternative to both. (shrink)

The system of the European Convention on Human Rights created in 1950 is still regarded as the most important and effective regional system for the protection of human rights in the whole world. However, the experience of the European Court of Human Rights (ECHR) has clearly showed that the steady growth in the number of cases brought before the ECHR makes it increasingly difficult to keep the length of proceedings within the acceptable limits and to maintain the (...) effectiveness of the ECHR. This aspect is becoming extremely important due to the fact that the European Union (EU) will join the Convention system in the near future. The legal basis for the EU accession to the Convention system has been made possible after the entering into force of the EU Lisbon Treaty on 1 December 2009, and, from the Convention’s perspective, the new Protocol No. 14 to the Convention, which entered into force on 1 June 2010, and which, in Article 17 (amending Article 59 of the Convention), stipulates that the EU may accede to this Convention. (shrink)

In November 2019 the EU Whistleblower Directive came into force. Whistleblowing has been described as a human right and a freedom fundamental to democracy. But it is not always straightforward to understand concrete cases of reporting wrongdoing in terms of abstract political philosophy. This paper uses a discussion between Berlin and Skinner about what negative freedom is, as a theoretical framework to understand the struggles of a campaigning platform of trade unions and civil society organizations, in the coming about (...) of the EU Whistleblower Directive. The paper is empirically based on a document analysis of two Resolutions in the European Parliament, the European Commission’s proposal text, the approved text in the European Parliament, and messages on the listserv of the campaigning platform between February 2017 and April 2019. The paper provides insights on how whistleblowing freedom relates to public interest and autonomy. (shrink)

BackgroundIncreasingly, hospitals and research institutes are developing technical solutions for sharing patient data in a privacy preserving manner. Two of these technical solutions are homomorphic encryption and distributed ledger technology. Homomorphic encryption allows computations to be performed on data without this data ever being decrypted. Therefore, homomorphic encryption represents a potential solution for conducting feasibility studies on cohorts of sensitive patient data stored in distributed locations. Distributed ledger technology provides a permanent record on all transfers and (...) processing of patient data, allowing data custodians to audit access. A significant portion of the current literature has examined how these technologies might comply with data protection and research ethics frameworks. In the Swiss context, these instruments include the Federal Act on Data Protection and the Human Research Act. There are also institutional frameworks that govern the processing of health related and genetic data at different universities and hospitals. Given Switzerland’s geographical proximity to European Union (EU) member states, the General Data Protection Regulation (GDPR) may impose additional obligations.MethodsTo conduct this assessment, we carried out a series of qualitative interviews with key stakeholders at Swiss hospitals and research institutions. These included legal and clinical data management staff, as well as clinical and research ethics experts. These interviews were carried out with two series of vignettes that focused on data discovery using homomorphic encryption and data erasure from a distributed ledger platform.ResultsFor our first set of vignettes, interviewees were prepared to allow data discovery requests if patients had provided general consent or ethics committee approval, depending on the types of data made available. Our interviewees highlighted the importance of protecting against the risk of reidentification given different types of data. For our second set, there was disagreement amongst interviewees on whether they would delete patient data locally, or delete data linked to a ledger with cryptographic hashes. Our interviewees were also willing to delete data locally or on the ledger, subject to local legislation.ConclusionOur findings can help guide the deployment of these technologies, as well as determine ethics and legal requirements for such technologies. (shrink)