Suchergebnisse

This chapter critically examines the GDPR's provisions relating to health by focusing on two main issues: i) the definitional uncertainties surrounding health data and, ii) the legislative choices regarding the balance between the competing interests to data privacy on the one hand -seen mainly within the context of the enhanced protection that personal health data enjoy-, and the interests of 'public health' on the other hand. I argue that while the GDPR's provisions balancing data privacy with public health interests appear flexible and context- dependent, its binary definitional distinctions (sensitive (health)/ non-sensitive (non-health) data is problematic and may result in rendering the GDPR's rules both over- and under- inclusive.

The article addresses the future of European Union (EU) data privacy law and argues for a shift of paradigm, calling for a less technology-driven and more human-centric and societally focused approach. It discusses two case studies — poor people's data privacy and women's data privacy — and the recent System for Risk Indication "SyRI" and finds that the mainstream EU data protection narrative has missed out fundamental questions about the socio-economic, gender and intersectional exceptions of EU data protection law. In this regard, the article argues that EU data protection law should be reconstructed to pursue substantive equality goals. It proposes an egalitarian data privacy project guided by methods that bring forward neglected perspectives and narratives. It concludes that only if EU data protection law is attentive to the inequalities that the most vulnerable face, it can remain relevant in the future.

The present contribution aims to critically reflect on the future direction of data retention at the EU and the national levels by discussing the lessons arising from two seminal Court of Justice of the EU (CJEU) decisions: Privacy International and Quadrature du Net. The article addresses four main themes: (1) the broad reach of EU data privacy law, (2) the detailed typology of permissible data retention models and the conditions applicable to these, (3) the evolving interaction between the CJEU and the European Court of Human Rights (ECtHR) in cases of bulk surveillance, and (4) the relevant legislative developments regarding data retention enshrined in the proposed ePrivacy Regulation. It advances four main lines of criticism. The first concerns the Court's reasoning regarding the expansive scope of application of EU data protection law that - while anticipated - appears unconvincing. The second regards the shortcomings and weaknesses in the CJEU's analysis laying down a taxonomy of permissible data retention systems. The third line of criticism is broader and concerns the progressive re-legitimisation of bulk as well as other surveillance models that seems to be the path undertaken by both the CJEU and ECIHR. Finally, we criticize the ways the EU legislature is trying to 'circumvent' the CJEU's data retention rulings.