Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC is believed to act as the facilitator of progress in international cooperation in the field of life sciences and healthcare, which were restricted due to disparities among countries concerning personal health data for a while. This article focuses on practical aspects of application of personal health data processing provisions of General data protection regulation with a clear emphasis on Lithuanian health care providers. The article approaches the complexity of the definition of health care data, informed consent as well as the importance of interaction between supervisory body and associations of healthcare professionals.
Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC is believed to act as the facilitator of progress in international cooperation in the field of life sciences and healthcare, which were restricted due to disparities among countries concerning personal health data for a while. This article focuses on practical aspects of application of personal health data processing provisions of General data protection regulation with a clear emphasis on Lithuanian health care providers. The article approaches the complexity of the definition of health care data, informed consent as well as the importance of interaction between supervisory body and associations of healthcare professionals.
Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC is believed to act as the facilitator of progress in international cooperation in the field of life sciences and healthcare, which were restricted due to disparities among countries concerning personal health data for a while. This article focuses on practical aspects of application of personal health data processing provisions of General data protection regulation with a clear emphasis on Lithuanian health care providers. The article approaches the complexity of the definition of health care data, informed consent as well as the importance of interaction between supervisory body and associations of healthcare professionals.
Regulation (EU) 2016/679 of the European Parliament and of the council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC is believed to act as the facilitator of progress in international cooperation in the field of life sciences and healthcare, which were restricted due to disparities among countries concerning personal health data for a while. This article focuses on practical aspects of application of personal health data processing provisions of General data protection regulation with a clear emphasis on Lithuanian health care providers. The article approaches the complexity of the definition of health care data, informed consent as well as the importance of interaction between supervisory body and associations of healthcare professionals.
In this final thesis author analyses problematic aspects of legitimate interest as a lawful basis for processing personal data, its conditions of legitimacy and proper application in practice. Therefore, author analyses the purpose of the legitimate interest, the essential conditions of legitimacy for this lawful basis and its exclusivity from other lawful bases for the processing of personal data. Moreover, author provides a definition of legitimate interest as a lawful basis for processing of personal data. Author analyses stages of the assessment of legitimate interests, the most important evaluation criterions and the practical significance of the results. Also, the author presents relevant case law and examines hypothetical situations, reveals the significance of the necessity and the close connection with the principle of data minimization, the meaning of the balancing test and the proportionality of the impact on the legitimate interests and fundamental rights and freedoms of data subjects. In this final thesis legitimate interest was compared with other lawful bases for the processing of personal data in order to reveal the advantages and disadvantages of legitimate interest. Lastly, in this final thesis author presents other insights into the shortcomings of the legitimate interest as a lawful basis, which could have practical implications for data controllers, who are choosing to process personal data on this lawful basis, and for legislators when considering legislative amendments or new legislation.
In this final thesis author analyses problematic aspects of legitimate interest as a lawful basis for processing personal data, its conditions of legitimacy and proper application in practice. Therefore, author analyses the purpose of the legitimate interest, the essential conditions of legitimacy for this lawful basis and its exclusivity from other lawful bases for the processing of personal data. Moreover, author provides a definition of legitimate interest as a lawful basis for processing of personal data. Author analyses stages of the assessment of legitimate interests, the most important evaluation criterions and the practical significance of the results. Also, the author presents relevant case law and examines hypothetical situations, reveals the significance of the necessity and the close connection with the principle of data minimization, the meaning of the balancing test and the proportionality of the impact on the legitimate interests and fundamental rights and freedoms of data subjects. In this final thesis legitimate interest was compared with other lawful bases for the processing of personal data in order to reveal the advantages and disadvantages of legitimate interest. Lastly, in this final thesis author presents other insights into the shortcomings of the legitimate interest as a lawful basis, which could have practical implications for data controllers, who are choosing to process personal data on this lawful basis, and for legislators when considering legislative amendments or new legislation.
The legal regulation of processing of personal data for direct marketing purposes have been analyzed in the Master's final work. The objective of this Master's final work was to analyze the legal regulation of personal data processing in the European Union, including the Republic of Lithuania, also to identify the most frequently encountered problems, assessing the clarity and applicability of the legal regulation in practice, and to propose possible solutions. In accordance with the above mentioned, Master's final work consists of three sections. The first section reveals the concepts of the personal data, personal data processing and direct marketing, as well as the specifics of the direct marketing. The second section delimits the legal grounds of the processing of personal data for direct marketing purposes and identifies the interplay between those legal grounds. The third section provides the analysis of the ways, in which the direct marketing is compliant with the legal regulation and the fundamental problems that are encountered, while performing the direct marketing, disclosing the data controller's responsibilities prior to the performance of the direct marketing, the requirements of the personal data processing from the moment of the collection of the personal data till the destruction, also the right of the data subject to withdraw the consent and the right to object to the processing of the personal data.
The legal regulation of processing of personal data for direct marketing purposes have been analyzed in the Master's final work. The objective of this Master's final work was to analyze the legal regulation of personal data processing in the European Union, including the Republic of Lithuania, also to identify the most frequently encountered problems, assessing the clarity and applicability of the legal regulation in practice, and to propose possible solutions. In accordance with the above mentioned, Master's final work consists of three sections. The first section reveals the concepts of the personal data, personal data processing and direct marketing, as well as the specifics of the direct marketing. The second section delimits the legal grounds of the processing of personal data for direct marketing purposes and identifies the interplay between those legal grounds. The third section provides the analysis of the ways, in which the direct marketing is compliant with the legal regulation and the fundamental problems that are encountered, while performing the direct marketing, disclosing the data controller's responsibilities prior to the performance of the direct marketing, the requirements of the personal data processing from the moment of the collection of the personal data till the destruction, also the right of the data subject to withdraw the consent and the right to object to the processing of the personal data.
Die Arbeit behandelt das Problem der Skalierbarkeit von Reinforcement Lernen auf hochdimensionale und komplexe Aufgabenstellungen. Unter Reinforcement Lernen versteht man dabei eine auf approximativem Dynamischen Programmieren basierende Klasse von Lernverfahren, die speziell Anwendung in der Künstlichen Intelligenz findet und zur autonomen Steuerung simulierter Agenten oder realer Hardwareroboter in dynamischen und unwägbaren Umwelten genutzt werden kann. Dazu wird mittels Regression aus Stichproben eine Funktion bestimmt, die die Lösung einer "Optimalitätsgleichung" (Bellman) ist und aus der sich näherungsweise optimale Entscheidungen ableiten lassen. Eine große Hürde stellt dabei die Dimensionalität des Zustandsraums dar, die häufig hoch und daher traditionellen gitterbasierten Approximationsverfahren wenig zugänglich ist. Das Ziel dieser Arbeit ist es, Reinforcement Lernen durch nichtparametrisierte Funktionsapproximation (genauer, Regularisierungsnetze) auf -- im Prinzip beliebig -- hochdimensionale Probleme anwendbar zu machen. Regularisierungsnetze sind eine Verallgemeinerung von gewöhnlichen Basisfunktionsnetzen, die die gesuchte Lösung durch die Daten parametrisieren, wodurch die explizite Wahl von Knoten/Basisfunktionen entfällt und so bei hochdimensionalen Eingaben der "Fluch der Dimension" umgangen werden kann. Gleichzeitig sind Regularisierungsnetze aber auch lineare Approximatoren, die technisch einfach handhabbar sind und für die die bestehenden Konvergenzaussagen von Reinforcement Lernen Gültigkeit behalten (anders als etwa bei Feed-Forward Neuronalen Netzen). Allen diesen theoretischen Vorteilen gegenüber steht allerdings ein sehr praktisches Problem: der Rechenaufwand bei der Verwendung von Regularisierungsnetzen skaliert von Natur aus wie O(n**3), wobei n die Anzahl der Daten ist. Das ist besonders deswegen problematisch, weil bei Reinforcement Lernen der Lernprozeß online erfolgt -- die Stichproben werden von einem Agenten/Roboter erzeugt, während er mit der Umwelt interagiert. Anpassungen an der Lösung müssen daher sofort und mit wenig Rechenaufwand vorgenommen werden. Der Beitrag dieser Arbeit gliedert sich daher in zwei Teile: Im ersten Teil der Arbeit formulieren wir für Regularisierungsnetze einen effizienten Lernalgorithmus zum Lösen allgemeiner Regressionsaufgaben, der speziell auf die Anforderungen von Online-Lernen zugeschnitten ist. Unser Ansatz basiert auf der Vorgehensweise von Recursive Least-Squares, kann aber mit konstantem Zeitaufwand nicht nur neue Daten sondern auch neue Basisfunktionen in das bestehende Modell einfügen. Ermöglicht wird das durch die "Subset of Regressors" Approximation, wodurch der Kern durch eine stark reduzierte Auswahl von Trainingsdaten approximiert wird, und einer gierigen Auswahlwahlprozedur, die diese Basiselemente direkt aus dem Datenstrom zur Laufzeit selektiert. Im zweiten Teil übertragen wir diesen Algorithmus auf approximative Politik-Evaluation mittels Least-Squares basiertem Temporal-Difference Lernen, und integrieren diesen Baustein in ein Gesamtsystem zum autonomen Lernen von optimalem Verhalten. Insgesamt entwickeln wir ein in hohem Maße dateneffizientes Verfahren, das insbesondere für Lernprobleme aus der Robotik mit kontinuierlichen und hochdimensionalen Zustandsräumen sowie stochastischen Zustandsübergängen geeignet ist. Dabei sind wir nicht auf ein Modell der Umwelt angewiesen, arbeiten weitestgehend unabhängig von der Dimension des Zustandsraums, erzielen Konvergenz bereits mit relativ wenigen Agent- Umwelt Interaktionen, und können dank des effizienten Online-Algorithmus auch im Kontext zeitkritischer Echtzeitanwendungen operieren. Wir demonstrieren die Leistungsfähigkeit unseres Ansatzes anhand von zwei realistischen und komplexen Anwendungsbeispielen: dem Problem RoboCup-Keepaway, sowie der Steuerung eines (simulierten) Oktopus-Tentakels. ; This thesis aims at learning autonomously optimal behavior for high-dimensional control tasks using reinforcement learning with a kernel-based approach. Harnessing the representational power of kernel-based methods we hope to escape the so-called "curse of dimensionality", which otherwise implies an exponential growth in the number of basis functions. Specifically, we apply regularization networks as underlying function approximator in least-squares based policy evaluation. The samples used to build this approximation are generated online, from an agent interacting with the environment. This poses an enormous computational challenge since kernel methods inherently scale with O(n**3), where n is the number of training samples. Our first contribution hence is an efficient recursive implementation of regularization networks, particularly tailored for online learning. This is made possible by using the subset of regressors approximation which approximates the kernel using a vastly reduced number of basis functions. To select this subset we employ sparse greedy online selection that automatically constructs a dictionary of basis functions directly from the data stream. Since parsimoniousness is of great importance for efficiency in an online-setting, we extend the original procedure to additionally incorporate a notion of relevance, i.e. the reduction of error in the regression task, thereby eliminating redundancy on-the-fly and further reducing the number of basis functions necessary. The resulting new online algorithm is evaluated on a number of benchmark regression problems and shown to perform well (an order of magnitude faster with only a slight decrease of performance) in comparison with state-of-the-art offline methods. We then apply this algorithm to carry out approximate policy evaluation and embed it into an approximate policy iteration framework suitable for optimal control. The result is a reinforcement learning method that works online and in a model-free fashion, allows non-deterministic transitions, is very data-efficient and effortlessly scales to high-dimensional state-spaces. We demonstrate this using some high-dimensional benchmarks (simulations), among them RoboCup-Keepaway and the recently proposed control of an octopus-arm.
Die vorliegende Arbeit beschäftigt sich mit der Entwicklung eines Funktionsapproximators und dessen Verwendung in Verfahren zum Lernen von diskreten und kontinuierlichen Aktionen: 1. Ein allgemeiner Funktionsapproximator – Locally Weighted Interpolating Growing Neural Gas (LWIGNG) – wird auf Basis eines Wachsenden Neuralen Gases (GNG) entwickelt. Die topologische Nachbarschaft in der Neuronenstruktur wird verwendet, um zwischen benachbarten Neuronen zu interpolieren und durch lokale Gewichtung die Approximation zu berechnen. Die Leistungsfähigkeit des Ansatzes, insbesondere in Hinsicht auf sich verändernde Zielfunktionen und sich verändernde Eingabeverteilungen, wird in verschiedenen Experimenten unter Beweis gestellt. 2. Zum Lernen diskreter Aktionen wird das LWIGNG-Verfahren mit Q-Learning zur Q-LWIGNG-Methode verbunden. Dafür muss der zugrunde liegende GNG-Algorithmus abgeändert werden, da die Eingabedaten beim Aktionenlernen eine bestimmte Reihenfolge haben. Q-LWIGNG erzielt sehr gute Ergebnisse beim Stabbalance- und beim Mountain-Car-Problem und gute Ergebnisse beim Acrobot-Problem. 3. Zum Lernen kontinuierlicher Aktionen wird ein REINFORCE-Algorithmus mit LWIGNG zur ReinforceGNG-Methode verbunden. Dabei wird eine Actor-Critic-Architektur eingesetzt, um aus zeitverzögerten Belohnungen zu lernen. LWIGNG approximiert sowohl die Zustands-Wertefunktion als auch die Politik, die in Form von situationsabhängigen Parametern einer Normalverteilung repräsentiert wird. ReinforceGNG wird erfolgreich zum Lernen von Bewegungen für einen simulierten 2-rädrigen Roboter eingesetzt, der einen rollenden Ball unter bestimmten Bedingungen abfangen soll. ; This doctoral thesis deals with the development of a function approximator and its application to methods for learning discrete and continuous actions: 1. A general function approximator – Locally Weighted Interpolating Growing Neural Gas (LWIGNG) – is developed from Growing Neural Gas (GNG). The topological neighbourhood structure is used for calculating interpolations between neighbouring neurons and for applying a local weighting scheme. The capabilities of this method are shown in several experiments, with special considerations given to changing target functions and changing input distributions. 2. To learn discrete actions LWIGNG is combined with Q-Learning forming the Q-LWIGNG method. The underlying GNG-algorithm has to be changed to take care of the special order of the input data in action learning. Q-LWIGNG achieves very good results in experiments with the pole balancing and the mountain car problems, and good results with the acrobot problem. 3. To learn continuous actions a REINFORCE algorithm is combined with LWIGNG forming the ReinforceGNG method. An actor-critic architecture is used for learning from delayed rewards. LWIGNG approximates both the state-value function and the policy. The policy is given by the situation dependent parameters of a normal distribution. ReinforceGNG is applied successfully to learn continuous actions of a simulated 2-wheeled robot which has to intercept a rolling ball under certain conditions.
Das Software Engineering ist heute geprägt von schnelllebigen Technologien und Trends, verteilten, arbeitsteiligen Projekten mit vielen Interessenvertretern (Stakeholdern) und einem umkämpften globalen Markt. In diesem Umfeld wird es zur Herausforderung, gewonnene Erkenntnisse festzuhalten und daraus als gesamte Organisation zu lernen, um Fehler nicht zu wiederholen oder gar ganz zu vermeiden. Information und Wissen sowie Kommunikation und Wissenstransfer zusammen mit wohl reflektierten Entscheidungen werden daher immer mehr zum kritischen Erfolgsfaktor einer Organisation. Rationale Management (RM) (engl. Begründungsmanagement) ist ein Ansatz, um diese Erfolgsfaktoren auf allen Ebenen einer Organisation einzubeziehen. Durch das Aufzeigen der Gestaltungsalternativen (design space analysis) sollen die Entscheidungsträger (gegebenenfalls in einem kollaborativen Prozess) anhand von adäquaten Kriterien zu konsistenten und argumentativ begründeten Entscheidungen gelangen. Über eine geeignete Erfassung, Aufbereitung und Nutzung des Rationale soll eine Verbesserung der Entscheidungskommunikation, des Wissenstransfers und der Informationsgewinnung über individuelle, organisatorische und funktionale Grenzen der Organisation hinweg erreicht werden. In der vorliegenden Arbeit werden die im Kontext des Software Engineering diskutierten Ansätze für Rationale Management zusammengetragen. Sie werden strukturiert nach verschiedenen Wissensbereichen des Software Engineering aufbereitet und gegenübergestellt. Basierend darauf und am Beispiel der SAP AG wird untersucht wie Rationale Management in unterschiedlichen Bereichen eines Vorgehensmodells gewinnbringend integriert werden könnte. Hierzu werden konkrete Vorschläge im Umfeld der Kommunikation von Projektlenkungsentscheidungen oder der Erfassung von Rationale im Kontext von Anforderungspriorisierungen erarbeitet. Die dabei gewonnenen Erkenntnisse bei der Integration von Rationale Management in die Prozesse – auch in Bezug auf die Projektpolitik – werden abschließend festgehalten.
EU General Data Protection Regulation, by the theoretical and practical view, reforms EU data protection legal regulation and establishes a uniformly high standard of privacy data protection - the impact of any government institution or company on data protection will have to become permanent and one of the central element of planning and implementing any activity. The EU General Data Protection Regulation not only sets new rules for data processing, but also in detail regulates the rights of data subjects, extends the content of these rights and establishes the Data Protection Officer Institute. In this article, authors presents the main innovations related to data subjects' rights protection and data processing principles. The paper also analyzes the bases for the appointment of the Personal Data Protection Officer and the principles of his operation. Only the responsible processing and processing of personal data based on the principles enshrined in the Regulation protects data subject individual's right to privacy, also the data controller and data processor - against personal data protection breach. The relevance of this scientific article relates to the novelty and relevance of the General Data Protection Regulation and the importance of this document to data protection law. The purpose of this scientific article is to analyze the content of the main rights of data subject, identifying the means of ensuring data rights of the data subjects and examining the bases and principles of the activities of the data protection officer. Object of scientific article - General Data Protection Regulation contains the principles of data subjects' rights and the processing of personal data. To sum up is has to be drawn that the application of the General Data Protection Regulation has become a direct legal act and brings many innovations into countries national legal systems. The Regulation dramatically broadens the territorial scope of EU data protection law, strengthens the requirements for the lawfulness of the processing of personal data, extends the scope of liability for the processing of personal data, establishes a new obligation for a part of data controllers and data processors, appointment of a data protection officer, regulates the processing of personal data of children, strengthens the rights of subjects, tightens the requirements for the consent of the data subjects, and also increases the amount of fines for improper or unlawful processing of personal data. The establishment of the rights of data subjects in the General Personal Data Regulation aims to ensure that information is correct, used only for legitimate purposes and by those controllers who have the right to process specific data. The principles enshrined in the Regulation are considered to be clear legal requirements, which controller and processor must follow when controling and / or processing personal data. Regulation sets for data controllers binding guidelines for managing data in accordance with established principles, and each controller is required to define it in activity records. In this way, the responsibility of data controllers for the rights of data subjects is reinforced and the involvement of the data protection supervisory authority in the daily routine of data processing is reduced. The Regulation attaches a significant role to the Data protection officer throughout the entire data management system. The Data protection officer, in accordance with his mandate and assigned functions, shall be considered as a person who will not only be required to help data controllers and processors properly enforce data protection requirements but also act as an intermediary between data subjects, data controllers or processors and the data protection supervisory institution.
EU General Data Protection Regulation, by the theoretical and practical view, reforms EU data protection legal regulation and establishes a uniformly high standard of privacy data protection - the impact of any government institution or company on data protection will have to become permanent and one of the central element of planning and implementing any activity. The EU General Data Protection Regulation not only sets new rules for data processing, but also in detail regulates the rights of data subjects, extends the content of these rights and establishes the Data Protection Officer Institute. In this article, authors presents the main innovations related to data subjects' rights protection and data processing principles. The paper also analyzes the bases for the appointment of the Personal Data Protection Officer and the principles of his operation. Only the responsible processing and processing of personal data based on the principles enshrined in the Regulation protects data subject individual's right to privacy, also the data controller and data processor - against personal data protection breach. The relevance of this scientific article relates to the novelty and relevance of the General Data Protection Regulation and the importance of this document to data protection law. The purpose of this scientific article is to analyze the content of the main rights of data subject, identifying the means of ensuring data rights of the data subjects and examining the bases and principles of the activities of the data protection officer. Object of scientific article - General Data Protection Regulation contains the principles of data subjects' rights and the processing of personal data. To sum up is has to be drawn that the application of the General Data Protection Regulation has become a direct legal act and brings many innovations into countries national legal systems. The Regulation dramatically broadens the territorial scope of EU data protection law, strengthens the requirements for the lawfulness of the processing of personal data, extends the scope of liability for the processing of personal data, establishes a new obligation for a part of data controllers and data processors, appointment of a data protection officer, regulates the processing of personal data of children, strengthens the rights of subjects, tightens the requirements for the consent of the data subjects, and also increases the amount of fines for improper or unlawful processing of personal data. The establishment of the rights of data subjects in the General Personal Data Regulation aims to ensure that information is correct, used only for legitimate purposes and by those controllers who have the right to process specific data. The principles enshrined in the Regulation are considered to be clear legal requirements, which controller and processor must follow when controling and / or processing personal data. Regulation sets for data controllers binding guidelines for managing data in accordance with established principles, and each controller is required to define it in activity records. In this way, the responsibility of data controllers for the rights of data subjects is reinforced and the involvement of the data protection supervisory authority in the daily routine of data processing is reduced. The Regulation attaches a significant role to the Data protection officer throughout the entire data management system. The Data protection officer, in accordance with his mandate and assigned functions, shall be considered as a person who will not only be required to help data controllers and processors properly enforce data protection requirements but also act as an intermediary between data subjects, data controllers or processors and the data protection supervisory institution.
Because of the growing influence of digital technologies there are many significant challenges on personal data protection law. It is therefore necessary to strengthen the data protection systems of the European Union and the Council of Europe. In order to ensure adequate protection of personal data in Europe, it is necessary to harmonize data protection standards as much as possible. Therefore, the aim of this work is to review data protection regulations in the European Union and the Council of Europe. In order to compare regulatory standards, the paper analyses the data protection law reforms of the European Union and the Council of Europe, compares data protection systems, focusing on the basics of legislation – the General Data Protection Regulation and the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. In particular, the data protection principles enshrined in this legislation, the basis for data processing and the rights of data subjects are guaranteed. The way in which the standards of the European Union and the Council of Europe are applied in Lithuania is also taken into account. The Data Protection Convention sets out the same data protection principles as the General Data Protection Regulation: legality, fairness, transparency, limited purpose, and so on. However, the grounds for data collection set out in the Convention on Data Protection are not detailed, stating that data may be processed on the basis of the data subject's consent and on other grounds provided by law. Meanwhile, the General Data Protection Regulation provides 5 specific data processing grounds in addition to the data subject's consent as a basis for data processing. The rights of data subjects are fairly similar but the Convention on Data Protection does not provide for the right to data portability and the right to restrict data processing, which are enshrined in the General Data Protection Regulation. A comparison of the personal data protection standards of the European Union and the Council of Europe shows that the aim is to ensure data protection principles of a similar scope, the basis of data processing and the rights of data subjects. However, the data protection provisions in the General Data Protection Regulation are much more specific than in the Data Protection Convention. It is considered that the broader regulation in the General Data Protection Regulation is required by the rules of the European Union itself.
Because of the growing influence of digital technologies there are many significant challenges on personal data protection law. It is therefore necessary to strengthen the data protection systems of the European Union and the Council of Europe. In order to ensure adequate protection of personal data in Europe, it is necessary to harmonize data protection standards as much as possible. Therefore, the aim of this work is to review data protection regulations in the European Union and the Council of Europe. In order to compare regulatory standards, the paper analyses the data protection law reforms of the European Union and the Council of Europe, compares data protection systems, focusing on the basics of legislation – the General Data Protection Regulation and the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. In particular, the data protection principles enshrined in this legislation, the basis for data processing and the rights of data subjects are guaranteed. The way in which the standards of the European Union and the Council of Europe are applied in Lithuania is also taken into account. The Data Protection Convention sets out the same data protection principles as the General Data Protection Regulation: legality, fairness, transparency, limited purpose, and so on. However, the grounds for data collection set out in the Convention on Data Protection are not detailed, stating that data may be processed on the basis of the data subject's consent and on other grounds provided by law. Meanwhile, the General Data Protection Regulation provides 5 specific data processing grounds in addition to the data subject's consent as a basis for data processing. The rights of data subjects are fairly similar but the Convention on Data Protection does not provide for the right to data portability and the right to restrict data processing, which are enshrined in the General Data Protection Regulation. A comparison of the personal data protection standards of the European Union and the Council of Europe shows that the aim is to ensure data protection principles of a similar scope, the basis of data processing and the rights of data subjects. However, the data protection provisions in the General Data Protection Regulation are much more specific than in the Data Protection Convention. It is considered that the broader regulation in the General Data Protection Regulation is required by the rules of the European Union itself.