Suchergebnisse

Intro -- Cover -- Dedication -- Title Page -- Contents -- Abbreviations -- Table of Cases -- Table of Statutes -- Table of Statutory Instruments -- Table of EU Regulations -- Table of European Directives -- Table of Treaties, Conventions and Agreements -- Part 1 Data Protection: How to Comply with the Data Protection Regime -- Chapter 1 Data Protection -- What is Data Protection? -- The Importance of Data Protection -- The Data Protection Regime -- Data Protection Rules -- Summary Data Protection Rules -- General Criteria for Data Processing -- Data Protection Overview -- Lawful Processing -- Definitions -- Chapter 2 Sources of Data Protection Law -- Introduction -- UK DPA 2018 -- UK GDPR -- DPDI Bill -- UK Secondary Legislation -- EU Data Protection Law -- Case Law -- ICO Guides -- ICO Determinations -- Legal Textbooks -- Legal Journals -- EDPB -- European Data Protection Supervisor -- Council of Europe -- Other Data Protection Authorities -- Other Official Sources -- Key/Topical Issues -- Data Protection Websites and Blogs -- Other Laws -- Conferences -- Reference -- Chapter 3 Definitions -- Introduction -- DPA Definitions -- GDPR (and UK GDPR) Definitions -- DPDI Definition Changes -- Two Categories of Personal Data -- Conclusion -- Chapter 4 History and Data Protection -- Introduction -- History of Data Protection -- Data Protection Act -- Legal Instruments -- GDPR/UK GDPR -- Conclusion -- Chapter 5 Principles -- Introduction -- When Data Protection Provisions Apply -- Fair Processing Requirements -- Principles of Data Protection -- Chapter 6 Ordinary Personal Data Lawful Processing Conditions -- Introduction -- General Lawful Processing Conditions -- Special Personal Data Lawful Processing Conditions -- Chapter 7 Processing Pre-Conditions: Prior Information Requirements and Transparency -- Introduction.

EU data protection law imposes a series of requirements designed to protect individuals against the risks that result from the processing of their data. It also distinguishes among different types of actors involved in the processing, setting out different obligations for each actor. The most important distinction in this regard is the distinction between "controllers" and "processors". Together, these concepts provide the very basis upon which responsibility for compliance with EU data protection law is allocated. As a result, both concepts play a decisive role in determining the potential liability of an organisation under EU data protection law, including the General Data Protection Regulation (GDPR). Technological and societal developments have made it increasingly difficult to apply the controller-processor model in practice. The main factors are the growing complexity of processing operations, the diversification of processing, services and the sheer number of actors that can be involved. Against this background, this book seeks to determine whether EU data protection law should continue to maintain the controller-processor model as the main basis for allocating responsibility and liability. This book provides its readers with the analytical framework to help them navigate the intricate relationship of roles, responsibility and liability under EU data protection law. The book begins with an in-depth analysis of the nature and role of the controller and processor concepts. The key elements of each are examined in detail, as is the associated allocation of responsibility and liability. The next part contains a historical-comparative analysis, which traces the origin and development of the controller-processor model over time. To identify the main problems that occur when applying the controller-processor model in practice, a number of real-life use cases are examined (cloud computing, social media, identity management and search engines). In the final part, a critical evaluation is made of the choices made by the European legislature in the context of the GDPR. It is clear that the GDPR has introduced considerable improvements in comparison to EU Directive 95/46. In the long run, however, further changes may well be necessary. By way of conclusion, a number of avenues for possible improvements are presented. Dr Brendan Van Alsenoy is a Legal Advisor at the Belgian Data Protection Authority and a senior affiliated researcher at the KU Leuven Centre for IT & IP Law, and co-editor of Privacy & Persoonsgegevens. He has previously worked as a legal researcher at the KU Leuven Centre for IT & IP Law, with a focus on data protection and privacy, intermediary liability and trust services. In 2012, he worked at the Organisation for Economic Co-operation and Development (OECD) to assist in the revision of the 1980 OECD Privacy Guidelines

AbstractIt was only until recently that the Indonesian government deemed privacy and personal data as a pressing and urgent topic that requires an adequate legal and regulatory protection. In this respect, the government drafted a singular comprehensive personal data protection law (PDPL), which draft is currently pending passage in the parliament. Based on a 2016 version of the PDPL draft, organizations that process personal data are expected to comply with a myriad of obligations. However, the PDPL (per the 2016 version) does not appear to have anything to offer in terms of guaranteeing that organizations will actually implement the rules as laid down in the PDPL in practice. In the absence of any practical solution that could facilitate organizations' data protection compliance, the PDPL is bound to fail to achieve the prescribed objective, which is to better protect individuals' privacy rights, especially with regard to their personal data. Looking particularly at the practice that has already been developed within the European Union (EU) landscape, most of the member states adopt a self-monitoring mechanism to ensure compliance in the data protection sphere – and that self-monitoring mechanism takes form in a data protection officer (DPO). Under the General Data Protection Regulation (GDPR), EU's data protection law, organizations with certain characteristics are mandated to appoint a DPO (DPO Obligation). As the DPO Obligation is perceived as an effective practical data protection compliance tool amongst EU countries, this article discusses and ultimately suggests for the adoption of the same into the PDPL in order to boost compliance and accomplish its objectives.AbstrakPemerintah Indonesia belum lama ini baru menyadari bahwa persoalan terkait privasi dan perlindungan data pribadi merupakan permasalahan yang mendesak dan penting untuk segera ditanggulangi melalui payung hukum yang memadai. Berkenaan dengan ini, pemerintah telah menyusun sebuah undang-undang perlindungan data pribadi (UUPDP) yang bersifat komprehensif, yang saat ini berada dan sedang dibahas di Dewan Perwakilan Rakyat. Berdasarkan rancangan UUPDP versi tahun 2016, pihak-pihak yang memproses data pribadi dipastikan perlu untuk mematuhi berbagai macam kewajiban berdasarkan aturan-aturan yang terdapat di dalam UUPDP. Namun demikian, di dalam rancangan tersebut tidak ada mekanisme yang bersifat praktis yang ditawarkan kepada para pihak yang terkait agar mereka benar-benar menjalankan aturan yang ada di dalam UUPDP. Tanpa mekanisme tersebut, penerapan UUPDP bisa dipastikan gagal untuk mencapai tujuannya, yaitu untuk meningkatkan perlindungan terhadap hak privasi seseorang, tepatnya hak atas data pribadi mereka. Berkaca pada praktik yang sudah lama berkembang di negara-negara Uni Eropa (UE), mekanisme yang diterapkan oleh kebanyakan negara-negara di sana untuk menjamin terlaksananya aturan perlindungan data pribadi adalah dengan menghadirkan fungsi 'data protection officer' (DPO). Berdasarkan General Data Protection Regulation (GDPR), aturan mengenai perlindungan data pribadi di UE, pihak-pihak yang melakukan pemrosesan data pribadi tertentu wajib untuk memiliki dan menunjuk seorang DPO (Kewajiban Penunjukkan DPO). Hal ini dikarenakan kewajiban penunjukkan DPO dianggap sebagai mekanisme yang efektif, tulisan ini membahas dan diakhiri dengan sebuah saran agar UUPDP mengadopsi mekanisme tersebut ke dalam UUPDP agar tujuan dari undang-undang tersebut dapat tercapai. DOI: https://doi.org/10.22304/pjih.v5n1.a2

"Turning point in data protection law" enthält Beiträge aus den ersten beiden Jahren der DS-GVO des DPOblog.eu. Die Themen erstrecken sich von den neuen Grundlagen der DS-GVO über die aktuellen Entscheidungen des EuGH bis zu den ersten Rechtsverfahren von Max Schrems.