The Experts below are selected from a list of 345 Experts worldwide ranked by ideXlab platform
Rebecca Wong - One of the best experts on this subject based on the ideXlab platform.
-
Data Protection Directive 95 46 ec
2013Co-Authors: Rebecca WongAbstract:This chapter will consider the background of the Data Protection Directive what it provides in the context of Data security breaches. As Data security breaches are covered under Art.17 of the Data Protection Directive, the provision will be considered in more detail with reference to recent examples involving Data security breaches.
-
the Data Protection Directive 95 46 ec idealisms and realisms
International Review of Law Computers & Technology, 2012Co-Authors: Rebecca WongAbstract:Following proposals to consider revising the Data Protection Directive 95/46/EC DPD in 2011, have the changes addressed the main areas of concern that have been the focus of much discussion? The areas of concern include the application of the Directive in the online age, particularly to social networking sites and cloud computing; the minimum/maximum standard approach by the EU Member States to Data Protection; the relevance and application of the Data Protection principles. These are some of the issues that were considered in the recent Art. 29 Working Party's Opinion on the Future of Privacy. The article will use this as a starting point of discussion to identify the extent to which impending proposals to revise the Data Protection Directive are closely aligned with the Opinion and consider the recent European Commission Communication 6/2010 on the comprehensive approach to personal Data Protection in the European Union. According to the Art. 29 Working Party, the level of Data Protection in the EU can benefit from a better application of the existing Data Protection principles in practice. This paper will attempt to address some of the difficult questions and consider the challenges to implementing the changes introduced by forthcoming revisions to the DPD.
-
the Data Protection Directive 95 46 ec idealisms and realisms
Social Science Research Network, 2012Co-Authors: Rebecca WongAbstract:Following proposals to consider revising the Data Protection Directive 95/46/EC (“DPD”) in 2011, has the changes achieved the main areas of concern that have been the focus of much discussion? These include the application of the Directive in the online age particularly to social networking sites and cloud computing; the minimum/maximum standard approach by the EU Member States to Data Protection; the relevance and application of the Data Protection principles. These are some of the issues that were considered in the recent Art. 29 Working Party’s Opinion on the Future of Privacy. The article will use this as a starting point of discussion to identify the extent to which impending proposals to revise the Data Protection Directive are closely aligned to the Opinion and consider the recent European Commission Communication (6/2010) on the comprehensive approach on personal Data Protection in the European Union. According to the Art. 29 Working Party, the level of Data Protection in the EU can benefit from a better application of the existing Data Protection principles in practice. This paper will attempt to address some of the difficult questions and consider the challenges that lay ahead to implement the changes introduced by forthcoming revisions to the DPD.
-
reflections and analysis the Data Protection Directive 95 46 ec idealisms and realisms
2012Co-Authors: Rebecca WongAbstract:Nottingham Law School, Nottingham Trent University, Burton Street, Nottingham, UK Following proposals to consider revising the Data Protection Directive 95/46/EC (DPD) in 2011, have the changes addressed the main areas of concern that have been the focus of much discussion? The areas of concern include the application of the Directive in the online age, particularly to social networking sites and cloud computing; the minimum/maximum standard approach by the EU Member States to Data Protection; the relevance and application of the Data Protection principles. These are some of the issues that were considered in the recent Art. 29 Working Party’s Opinion on the Future of Privacy. The article will use this as a starting point of discussion to identify the extent to which impending proposals to revise the Data Protection Directive are closely aligned with the Opinion and consider the recent European Commission Communication (6/2010) on the comprehensive approach to personal Data Protection in the European Union. According to the Art. 29 Working Party, the level of Data Protection in the EU can benefit from a better application of the existing Data Protection principles in practice. This paper will attempt to address some of the difficult questions and consider the challenges to implementing the changes introduced by forthcoming revisions to the DPD.
-
all or nothing this is the question the application of article 3 2 Data Protection Directive 95 46 ec to the internet
Social Science Research Network, 2008Co-Authors: Rebecca Wong, Joseph SavirimuthuAbstract:The Data Protection Directive 95/46/EC (hereinafter the “Directive”) was passed in 1995 to harmonise the national Data Protection laws within the European Community with the aim of protecting the fundamental rights and freedoms of individuals including their privacy as set out under Art. 1 of the Data Protection Directive. The rules governing the processing of personal Data are deemed to be inapplicable in the two instances outlined by Art.3(2). Processing of personal Data taking place as part of activities falling outside of Community law are excluded from the DPD. The Directive is also deemed to be inapplicable if the processing of personal Data is undertaken by a natural person in the course of a purely personal or household activity. It is the second part of Art. 3(2), which is examined in more detail. The ruling by the European Court of Justice in Lindqvist provides us with a fresh opportunity to re-examine whether the policy justifications for the exclusion under Art 3(2) continue to remain relevant in the light of widespread use of new technologies such as blogs, podcasts and web pages for processing and distributing information. Greater clarity regarding the implication of new communication technologies for DPD policy is necessary if the laws on Data Protection are to evolve in a coherent and principled manner.
Christopher Kuner - One of the best experts on this subject based on the ideXlab platform.
-
The Court of Justice of the EU Judgment on Data Protection and Internet Search Engines
SSRN Electronic Journal, 2014Co-Authors: Christopher KunerAbstract:In Case C-131/12 Google Spain v. AEPD and Mario Costeja Gonzalez, issued on 13 May 2014, the Court of Justice of the European Union made several important pronouncements about EU Data Protection law, and in particular recognized a right under the EU Data Protection Directive 95/46 for individuals to suppress links generated by Internet search engines (popularly referred to as the “right to be forgotten”). The Court’s holdings leave many important questions open, both in regard to technical legal issues and more high-level issues of general jurisprudential and societal importance. The Court also failed to take the significance of the case for the Internet into account. The judgment suffers from the Court’s traditionally minimalist style of argument and reluctance to adopt a more open and discursive style. The material and territorial scope of the right to suppress Internet search engine results are potentially much wider than the ability to implement the right effectively, suggesting that a way must be found to define the scope of the right in a way that is proportionate to the ability to implement it, if the judgment is to provide real Protection in practice.
-
the european commission s proposed Data Protection regulation a copernican revolution in european Data Protection law
2012Co-Authors: Christopher KunerAbstract:In the 18th century Immanuel Kant famously initiated a “Copernican revolution” in philosophy by shifting the understanding of reality away from external objects and towards the cognitive powers of the individual. The European Commission’s recent proposal for a General Data Protection Regulation attempts a similar revolution in European Data Protection law by seeking to shift its focus away from paper-based, bureaucratic requirements and towards compliance in practice, harmonization of the law, and individual empowerment. Indeed, the Proposed Regulation represents the most significant potential change to European Data Protection law since adoption of the EU Data Protection Directive 95/46/EC in 1998. The final success of the Proposed Regulation will perhaps depend on three key factors, namely the effectiveness of the “lead DPA” concept; the operation of the consistency mechanism; and the ability of the Commission to issue delegated and implementing acts of high quality in a way that is timely and transparent and gives stakeholders an opportunity to provide input. If these three factors are realized, then it may work as designed to bring about a more harmonized level of Data Protection throughout the EU, and the benefits could be great for Data controllers, individuals, and the EU economy. But if they are weakened during the EU legislative process, or if member states and DPAs undermine them, then many of the other positive changes foreseen in the text may lose much of their effect. Only time will tell if the final result is a revolution that brings about lasting improvements.
-
immanuel kant and implementation of the eu Data Protection Directive
Social Science Research Network, 2006Co-Authors: Christopher KunerAbstract:European Union (EU) law allows a considerable amount of freedom for Member States to implement Data Protection Directive 95/46 with regard to their particular legal and cultural circumstances. It is thus particularly difficult to state with certitude that a particular implementation violates the Directive. At the same time, the increased size of the Union means that traditional methods for determining whether a Member State implementation violates the Directive are in most cases no longer useful. Kant’s categorical imperative provides a useful logical framework for testing the inherent compatibility of an implementing national rule with the basic policy that underlies it. National legislators and Data Protection authorities would do well to keep it in mind and exercise self-restraint in implementation of the Directive, by taking into account not only their own national situations, but the possible implications of converting their national rules into rules of general application that would apply around the EU. If the result of this test is that the rules would become unworkable if applied universally or would lead to an absurd result or an inherent contradiction, then this is a strong indication that the rule may violate at least the spirit of the Directive. Such unconventional thinking is needed to provide new mechanisms for ensuring that EU Data Protection legislation takes into account not only national characteristics, but also the cross-border nature of the Directive from which it derives.
-
european Data privacy law and online business
2003Co-Authors: Christopher KunerAbstract:From the Publisher: "Beginning with a detailed description of the legislative process, the book goes on to discuss the basic legal concepts underlying Data privacy law. It then focuses on how to determine whether EU law applies to particular electronic commerce and online activities, and how to transfer personal Data outside Europe so as to comply with EU law. The book also includes a comprehensive analysis of how to deal with complex compliance challenges, including notification of Databases, processing of employee Data, privacy policies, codes of conduct, and website compliance and standardization." The key legislative texts needed to deal with complex Data privacy issues are included in the appendices, along with forms and precedents, contact information for Data Protection authorities, and links to useful websites. The book is fully up-to-date with the amendments to the Telecommunications Data Protection Directive passed in the summer of 2002.
Kristen A. Knapp - One of the best experts on this subject based on the ideXlab platform.
-
Enforcement of U.S. Electronic Discovery Law Against Foreign Companies: Should U.S. Courts Give Effect to the EU Data Protection Directive?
Richmond journal of global law and business, 2010Co-Authors: Kristen A. KnappAbstract:Enforcing discovery against companies located in foreign nations is not a new phenomenon. The U.S. Supreme Court took up the conflict between U.S. discovery rules and foreign non-disclosure law in a 1958 case. Despite more than fifty years to reach a settled jurisprudence regarding how to enforce U.S. law against foreign domiciled companies, there has yet to be a clear articulation of a standard applicable in all cases. Currently, there are two main sets of rules under which U.S. courts may enforce discovery laws against foreign companies, and if necessary impose sanctions for non-compliance: the Hague Convention and the U.S. Federal Rules of Civil Procedure. The trend of authority favors the use of the U.S. Federal Rules of Civil Procedure, but there remain some circumstances under which the Hague Convention is favored. In 2006, amendments to the U.S. Federal Rules of Civil Procedure concerning electronic discovery (“e-discovery”) procedures went into effect. These amendments have had and will continue to have a significant impact on the conduct of business both abroad and within the United States. Accordingly, “[m]ore and more companies with global operations are finding themselves enmeshed in e-discovery that requires a greater understanding of the issues and laws from a global perspective” because “[i]t is challenging to navigate and manage e-discovery when you have parent companies based overseas or U.S.-based companies with foreign subsidiaries.” However, U.S. courts have yet to systematically address what effect, if any, the 2006 amendments will have on enforcement of e-discovery law against foreign domiciled companies, and in particular, against European companies. Surprisingly, to date, there is very little case law regarding the enforcement of e-discovery production requests.
-
Enforcement of U.S. Electronic Discovery Law Against Foreign Companies: Should U.S. Courts Give Effect to the EU Data Protection Directive?
SSRN Electronic Journal, 2010Co-Authors: Kristen A. KnappAbstract:Although the U.S. Supreme Court first considered the conflict between U.S. discovery rules and foreign non-disclosure law in 1958, a clear standard regarding how to enforce U.S. law against foreign domiciled companies has yet to emerge. As a result of the 2006 ammendments to the U.S. Federal Rules of Civil Procedure concerning electronic discovery (“e-discovery”) procedures “[m]ore and more companies with global operations are finding themselves enmeshed in e-discovery that requires a greater understanding of the issues and laws from a global perspective” because “[i]t is challenging to navigate and manage e-discovery when you have parent companies based overseas or U.S.-based companies with foreign subsidiaries.”This paper looks at, in light of the 2006 amendments and the lack of case law regarding the affect of the 2006 amendments, whether the enforcement techniques, as applied to “paper” discovery should be applied to e-discovery and whether there is anything specific to the nature of e-discovery that necessitates a change in the application of the law. Specifically, the paper addresses how the European Data privacy regime may affect the application of paper discovery enforcement techniques to e-discovery. The paper suggests that it would be unwise for U.S. courts to afford the European Data Privacy regime significant deference. Instead, the European Data Privacy regime should be treated with skepticism, similarly to how the U.S. courts have viewed “blocking statutes” contained in foreign law. In particular, treating the EU Data Privacy regime with skepticism will help to prevent the creation of perverse incentives for companies to store their Data abroad that hope to avoid legitimate discovery production requests under the Federal Rules of Civil Procedure, by raising the transaction costs for such behavior.
Douwe Korff - One of the best experts on this subject based on the ideXlab platform.
-
new challenges to Data Protection final report executive summary
2010Co-Authors: Douwe Korff, Ian BrownAbstract:This is the executive summary of the "new challenges to Data Protection" report, the full version of which can also be downloaded from this page. The purpose of the study was to identify the challenges for the Protection of personal Data produced by current social and technical phenomena such as the Internet, globalisation, the increasing ubiquity of personal Data and personal Data collection, the increasing power and capacity of computers and other Data-processing devices, special new technologies such as RFID, biometrics, face-recognition, increased surveillance (and "Dataveillance"); and increased uses of personal Data for purposes for which they were not originally collected, in particular in relation to national security and the fight against organised crime and terrorism; and to produce a report containing a comparative analysis of the responses that different regulatory and non-regulatory systems (within the EU and outside it) offer to those challenges, and that provides guidance on whether the legal framework of the main EC Directive on Data Protection (Directive 95/46/EC) still provides appropriate Protection or whether amendments should be considered in the light of best solutions identified. Douwe Korff was the Team Leader for this study and Ian Brown his fellow core expert. Other experts provided country reports and/or important further advice and greatly contributed to this study. They are: Peter Blume (DK), Chris Hoofnagle (USA), Graham Greenleaf (AUS), Lilian Mitrou (GR) and Filip Posposil (CR) (experts) and Ros Anderson (UK), Caspar Bowden (UK), Katrin Nyman-Metcalf (EST) and Paul Whitehouse (UK) (advisers). NB: French and German translations are also available from the present ssrn page, both of this Executive Summary and of the full Final Report.
-
ec study on implementation of Data Protection Directive 95 46 ec
Social Science Research Network, 2002Co-Authors: Douwe KorffAbstract:The report presented here contains the findings, analyses, conclusions and recommendations of a study into the implementation of EC Directive 95/46/EC on the Protection of individuals with regard to the processing of personal Data and on the free movement of such Data (the main EC Data Protection Directive) by the then 15 EU Member States, carried out by the author between October 2001 and September 2002 on behalf of the University of Essex, under a study contract with the European Commission. As presented here, the report consists of three parts, with the first part itself divided into two, as follows: *Part I.A of this report provides a comparative summary and analysis of the national legal provisions on Data Protection in the 15 Member States, by reference to (all) the articles in the Directive which must be implemented by the Member States (Articles 1 - 28) and broadly in the order of those articles (see the contents page to Part I.A for details). *Part I.B focusses on the implications for the internal market of the divergencies between the national laws, identified in Part I.A, and notes certain constitutional issues and certain matters concerning non-EU controllers. *Part II deals with the processing of sound and image Data and with the future of personal Data processing and of Data Protection. *Part III contains a summary, conclusions and recommendations. Some controversial aspects of this work, which led the Commission to accept and publish only the Comparative Summary (i.e., Part 1.A), are explained in an introductory note "About This Report", at the beginning of the paper. The report is presented here in the form in which it was attached to my book on Data Protection Law in Practice in the EU, FEDMA/DMA-USA, Brussels/New York, 2005, ISBN 1-931361-49-5.
Vagelis Papakonstantinou - One of the best experts on this subject based on the ideXlab platform.
-
the new police and criminal justice Data Protection Directive a first analysis
THE NEW JOURNAL OF EUROPEAN CRIMINAL LAW, 2016Co-Authors: Paul De Hert, Vagelis PapakonstantinouAbstract:Allegedly the Police and Criminal Justice Data Protection Directive (henceforth, the “Directive”) is the little-known, much overlooked part of the EU Data Protection reform package that stormed into the EU legislative agenda towards the end of 2015. Its counterpart, regulating all other personal Data processing activities, the General Data Protection Regulation (henceforth, the “Regulation”), is undoubtedly the text that fascinated legislators, legal scholars and even journalists over the four years since their simultaneous release in first draft formats, with its numerous noteworthy novelties: the right to be forgotten, the right to Data portability, Data Protection impact assessments, privacy by design, consistency and one-stop-shop mechanisms among EU Data Protection Authorities etc. Compared to this impressive list the text of the Directive indeed sounds mundane and unimaginative. However, we firmly believe that the repercussions it will have in the EU personal Data processing scene surrounding the work of law enforcement authorities, once it comes into effect, will be fundamental and will be equally felt by everybody exactly in the same way that its famous sibling intends to do.
-
The new General Data Protection Regulation: Still a sound system for the Protection of individuals?
Computer Law and Security Review, 2016Co-Authors: Vagelis PapakonstantinouAbstract:The five-year wait is finally over; a few days before expiration of 2015 the "trilogue" that had started a few months earlier between the Commission, the Council and the Parliament suddenly bore fruit and the EU Data Protection reform package has finally been concluded. As planned since the beginning of this effort a Regulation, the General Data Protection Regulation is going to replace the 1995 Directive and a Directive, the Police and Criminal Justice Data Protection Directive, the 2008 Data Protection Framework Decision. In this way a long process that started as early as in 2009, peaked in early 2012, and required another three years to pass through the Parliament's and the Council's scrutiny is finished. Whether this reform package and its end-result is cause to celebrate or to lament depends on the perspective, the interests and the expectations of the beholder. Four years ago we published an article in this journal under the title "The proposed Data Protection Regulation replacing Directive 95/46/EC: A sound system for the Protection of individuals". This paper essentially constitutes a continuation of that article: now that the General Data Protection Regulation's final provisions are at hand it is possible to present differences with the first draft prepared by the Commission, to discuss the issues raised through its law-making passage over the past few years, and to attempt to assess the effectiveness of its final provisions in relation to their declared purposes.
-
three scenarios for international governance of Data privacy towards an international Data privacy organization preferably a un agency
Journal of law and policy, 2013Co-Authors: Paul De Hert, Vagelis PapakonstantinouAbstract:Data privacy regulation has reached a crossroads: while three out of the four intergovernmental organizations that have released relevant regulations (the OECD, the Council of Europe, and the EU) are amending their respective texts, each one is implementing its own agenda. The Internet and cloud computing are making the need for international governance more evident than ever. Three scenarios may be foreseen: 1) the status quo remains, and technology intervenes to address public concerns; 2) the EU General Data Protection Regulation, which is expected to replace the EU Data Protection Directive by mid-2014, comes into effect and then goes on to set the international Data privacy standard; or, 3) as suggested in this paper, an international Data privacy organization, preferably a UN agency, is established to promote Data privacy issues and warrant
-
the proposed Data Protection regulation replacing Directive 95 46 ec a sound system for the Protection of individuals
Computer Law & Security Review, 2012Co-Authors: Vagelis Papakonstantinou, Paul De HertAbstract:Abstract The recent release by the European Commission of the first drafts for the amendment of the EU Data Protection regulatory framework is the culmination of a consulting and preparation process that lasted more than two years. At the same time, it opens up a law-making process that is intended to take at least as much time. The Commission has undertaken the herculean task to amend the whole EU Data Protection edifice, through the introduction of a General Data Protection Regulation, intended to replace the EU Data Protection Directive 95/46/EC, and a Police and Criminal Justice Data Protection Directive, intended to replace the Framework Decision 2008/977/JHA. This paper shall focus at the replacement of the EU Data Protection Directive by the draft General Data Protection Regulation. Due to the fact that the draft Regulation is a long (and ambitious) text, a selection has been made, with the aim of highlighting its treatment of basic Data Protection principles and elements, in order to identify merits and shortcomings for the general Data Protection purposes.
-
the Data Protection framework decision of 27 november 2008 regarding police and judicial cooperation in criminal matters a modest achievement however not the improvement some have hoped for
Computer Law & Security Review, 2009Co-Authors: Paul De Hert, Vagelis PapakonstantinouAbstract:After more than three years in the making, that have witnessed much controversy, several working texts and at least two altogether different versions, the Data Protection Framework Decision “on the Protection of personal Data processed in the framework of police and judicial cooperation in criminal matters” (hereafter, the DPFD) was finally adopted on 27 November 2008. The DPFD was supposed to be celebrated as the Data Protection Directive equivalent in European law enforcement (Third Pillar) processing. However, since its formal adoption, and even before that, Data Protection proponents (the European Data Protection Supervisor, the Article 29 Working Party, national Data Protection Commissioners, NGOs) lamented its adoption as the result of changes that ultimately compromised Data Protection. Is the DPFD a disappointment to the great expectations that accompanied its first draft, back in 2006? An attempt to address this question shall be undertaken in this paper.
