The Experts below are selected from a list of 3477 Experts worldwide ranked by ideXlab platform
Johannes J. M. Van Delden - One of the best experts on this subject based on the ideXlab platform.
-
big Data in medical research and eu Data Protection Law challenges to the consent or anonymise approach
European Journal of Human Genetics, 2016Co-Authors: Menno Mostert, Annelien L. Bredenoord, Monique C I H Biesaart, Johannes J. M. Van DeldenAbstract:Medical research is increasingly becoming Data-intensive; sensitive Data are being re-used, linked and analysed on an unprecedented scale. The current EU Data Protection Law reform has led to an intense debate about its potential effect on this processing of Data in medical research. To contribute to this evolving debate, this paper reviews how the dominant 'consent or anonymise approach' is challenged in a Data-intensive medical research context, and discusses possible ways forwards within the EU legal framework on Data Protection. A large part of the debate in literature focuses on the acceptability of adapting consent or anonymisation mechanisms to overcome the challenges within these approaches. We however believe that the search for ways forward within the consent or anonymise paradigm will become increasingly difficult. Therefore, we underline the necessity of an appropriate research exemption from consent for the use of sensitive personal Data in medical research to take account of all legitimate interests. The appropriate conditions of such a research exemption are however subject to debate, and we expect that there will be minimal harmonisation of these conditions in the forthcoming EU Data Protection Regulation. Further deliberation is required to determine when a shift away from consent as a legal basis is necessary and proportional in a Data-intensive medical research context, and what safeguards should be put in place when such a research exemption from consent is provided.
-
Big Data in medical research and EU Data Protection Law: challenges to the consent or anonymise approach
European Journal of Human Genetics, 2016Co-Authors: Menno Mostert, Annelien L. Bredenoord, Monique C I H Biesaart, Johannes J. M. Van DeldenAbstract:Big Data in medical research and EU Data Protection Law: challenges to the consent or anonymise approach
Christopher Kuner - One of the best experts on this subject based on the ideXlab platform.
-
extraterritoriality and regulation of international Data transfers in eu Data Protection Law
International Data Privacy Law, 2015Co-Authors: Christopher KunerAbstract:Use of the term “extraterritorial” to describe the regulation of international transfers of personal Data in EU Data Protection Law has led to confusion about the scope of such regulation. Any distinction between extraterritoriality “in scope” and “in effect” has become meaningless. Extraterritoriality in EU regulation of international Data transfers is intrinsically neither good nor bad; rather, its appropriateness depends on how it is used and implemented. Regulation of international Data transfers in EU Data Protection Law tends to apply in a “black or white” fashion, without the safety valves necessary to prevent jurisdictional overreaching. This leads to increasing conflicts between EU Law and the Law of third countries. Attention should turn from deciding whether a particular exercise of jurisdiction is extraterritorial, to determining the conditions under which it can be appropriate. The controversy surrounding extraterritoriality illustrates the need to set boundaries to the application of EU Data Protection Law.
-
the european commission s proposed Data Protection regulation a copernican revolution in european Data Protection Law
2012Co-Authors: Christopher KunerAbstract:In the 18th century Immanuel Kant famously initiated a “Copernican revolution” in philosophy by shifting the understanding of reality away from external objects and towards the cognitive powers of the individual. The European Commission’s recent proposal for a General Data Protection Regulation attempts a similar revolution in European Data Protection Law by seeking to shift its focus away from paper-based, bureaucratic requirements and towards compliance in practice, harmonization of the Law, and individual empowerment. Indeed, the Proposed Regulation represents the most significant potential change to European Data Protection Law since adoption of the EU Data Protection Directive 95/46/EC in 1998. The final success of the Proposed Regulation will perhaps depend on three key factors, namely the effectiveness of the “lead DPA” concept; the operation of the consistency mechanism; and the ability of the Commission to issue delegated and implementing acts of high quality in a way that is timely and transparent and gives stakeholders an opportunity to provide input. If these three factors are realized, then it may work as designed to bring about a more harmonized level of Data Protection throughout the EU, and the benefits could be great for Data controllers, individuals, and the EU economy. But if they are weakened during the EU legislative process, or if member states and DPAs undermine them, then many of the other positive changes foreseen in the text may lose much of their effect. Only time will tell if the final result is a revolution that brings about lasting improvements.
-
internet jurisdiction and Data Protection Law an international legal analysis part 2
2010Co-Authors: Christopher KunerAbstract:Data Protection Law has been the subject of an increasing number of jurisdictional disputes, which have largely been driven by the ubiquity of the Internet, the interconnectedness of the global economy, and the growth of Data Protection Law around the world in recent years. There are also an increasing number of instances where Data Protection Law conflicts with legal obligations in other areas. Moreover, the rapid development of new computing techniques (such as so-called ‘cloud computing’) is putting even greater pressure on traditional jurisdictional theories. Jurisdictional uncertainties about Data Protection Law have important implications, since they may dissuade individuals and companies from engaging in electronic commerce, can prove unsettling for individuals whose personal Data are processed, and impose burdens on regulators. These difficulties are increased by the fact that, so far, there is no binding legal instrument of global application covering either jurisdiction on the Internet or Data Protection. This article examines international jurisdiction as it relates to Data Protection Law, and specifically to instances in which jurisdiction under Data Protection Law may be considered ‘exorbitant’, with a particular focus on rules of public international Law. This is part 2 of a two-part article.
-
Internet Jurisdiction and Data Protection Law: An International Legal Analysis (Part 1)
2010Co-Authors: Christopher KunerAbstract:Data Protection Law has been the subject of an increasing number of jurisdictional disputes, which have largely been driven by the ubiquity of the Internet, the interconnectedness of the global economy, and the growth of Data Protection Law around the world in recent years. There are also an increasing number of instances where Data Protection Law conflicts with legal obligations in other areas. Moreover, the rapid development of new computing techniques (such as so-called ‘cloud computing’) is putting even greater pressure on traditional jurisdictional theories. Jurisdictional uncertainties about Data Protection Law have important implications, since they may dissuade individuals and companies from engaging in electronic commerce, can prove unsettling for individuals whose personal Data are processed, and impose burdens on regulators. These difficulties are increased by the fact that, so far, there is no binding legal instrument of global application covering either jurisdiction on the Internet or Data Protection. This article examines international jurisdiction as it relates to Data Protection Law, and specifically to instances in which jurisdiction under Data Protection Law may be considered ‘exorbitant’, with a particular focus on rules of public international Law. This is part 1 of a two-part article.
-
The ‘Internal Morality’ of European Data Protection Law
SSRN Electronic Journal, 2008Co-Authors: Christopher KunerAbstract:The ideas of scholars such as HLA Hart and Lon Fuller raise fundamental issues about the nature of Law, the characteristics of a successful and efficient legal order, and the role of enforcement in ensuring that the Law functions correctly. These are precisely the types of questions that need to be raised about European Data Protection Law, which even European government ministries and Data Protection authorities (DPAs) have described as complicated, increasingly out-dated, and out of step with good regulatory practice.
Menno Mostert - One of the best experts on this subject based on the ideXlab platform.
-
big Data in medical research and eu Data Protection Law challenges to the consent or anonymise approach
European Journal of Human Genetics, 2016Co-Authors: Menno Mostert, Annelien L. Bredenoord, Monique C I H Biesaart, Johannes J. M. Van DeldenAbstract:Medical research is increasingly becoming Data-intensive; sensitive Data are being re-used, linked and analysed on an unprecedented scale. The current EU Data Protection Law reform has led to an intense debate about its potential effect on this processing of Data in medical research. To contribute to this evolving debate, this paper reviews how the dominant 'consent or anonymise approach' is challenged in a Data-intensive medical research context, and discusses possible ways forwards within the EU legal framework on Data Protection. A large part of the debate in literature focuses on the acceptability of adapting consent or anonymisation mechanisms to overcome the challenges within these approaches. We however believe that the search for ways forward within the consent or anonymise paradigm will become increasingly difficult. Therefore, we underline the necessity of an appropriate research exemption from consent for the use of sensitive personal Data in medical research to take account of all legitimate interests. The appropriate conditions of such a research exemption are however subject to debate, and we expect that there will be minimal harmonisation of these conditions in the forthcoming EU Data Protection Regulation. Further deliberation is required to determine when a shift away from consent as a legal basis is necessary and proportional in a Data-intensive medical research context, and what safeguards should be put in place when such a research exemption from consent is provided.
-
Big Data in medical research and EU Data Protection Law: challenges to the consent or anonymise approach
European Journal of Human Genetics, 2016Co-Authors: Menno Mostert, Annelien L. Bredenoord, Monique C I H Biesaart, Johannes J. M. Van DeldenAbstract:Big Data in medical research and EU Data Protection Law: challenges to the consent or anonymise approach
Paul De Hert - One of the best experts on this subject based on the ideXlab platform.
-
the proceduralisation of Data Protection remedies under eu Data Protection Law towards a more effective and Data subject oriented remedial system
Review of European Administrative Law, 2015Co-Authors: Antonella Galetta, Paul De HertAbstract:The proceduralisation of Data Protection remedies under EU Data Protection Law: towards a more effective and Data subject-oriented remedial system? The right to remedy breaches of Data Protection is laid down in both Directive 95/46/EC (Art. 22) and the Council of Europe Data Protection Convention no. 108 (Art. 8 (d)). Although Data Protection violations are remedied mainly at the national level, it is possible to identify a set of procedural rules on how to remedy Data Protection violations under EU Law. Currently, there is a three-layered remedial system in place (composed of access rights, the administrative system and the court system). Worthy of attention are the EU’s Data Protection reforms which will introduce new provisions aimed at ‘proceduralising’ Data Protection remedies. This paper investigates how Data Protection breaches are remedied in the EU and under EU Law in light of Directive 95/46/EC and the proposed reforms.
-
Reforming European Data Protection Law - Reforming European Data Protection Law
Law Governance and Technology Series, 2014Co-Authors: Serge Gutwirth, Ronald Leenes, Paul De HertAbstract:This book on privacy and Data Protection offers readers conceptual analysis as well as thoughtful discussion of issues, practices, and solutions. It features results of the seventh annual International Conference on Computers, Privacy, and Data Protection, CPDP 2014, held in Brussels January 2014. The book first examines profiling, a persistent core issue of Data Protection and privacy. It covers the emergence of profiling technologies, on-line behavioral tracking, and the impact of profiling on fundamental rights and values. Next, the book looks at preventing privacy risks and harms through impact assessments. It contains discussions on the tools and methodologies for impact assessments as well as case studies. The book then goes on to cover the purported trade-off between privacy and security, ways to support privacy and Data Protection, and the controversial right to be forgotten, which offers individuals a means to oppose the often persistent digital memory of the web. Written during the process of the fundamental revision of the current EU Data Protection Law by the Data Protection Package proposed by the European Commission, this interdisciplinary book presents both daring and prospective approaches. It will serve as an insightful resource for readers with an interest in privacy and Data Protection.
-
reforming european Data Protection Law
Reforming European Data Protection Law, 2014Co-Authors: Serge Gutwirth, Ronald Leenes, Paul De HertAbstract:This book on privacy and Data Protection offers readers conceptual analysis as well as thoughtful discussion of issues, practices, and solutions. It features results of the seventh annual International Conference on Computers, Privacy, and Data Protection, CPDP 2014, held in Brussels January 2014. The book first examines profiling, a persistent core issue of Data Protection and privacy. It covers the emergence of profiling technologies, on-line behavioral tracking, and the impact of profiling on fundamental rights and values. Next, the book looks at preventing privacy risks and harms through impact assessments. It contains discussions on the tools and methodologies for impact assessments as well as case studies. The book then goes on to cover the purported trade-off between privacy and security, ways to support privacy and Data Protection, and the controversial right to be forgotten, which offers individuals a means to oppose the often persistent digital memory of the web. Written during the process of the fundamental revision of the current EU Data Protection Law by the Data Protection Package proposed by the European Commission, this interdisciplinary book presents both daring and prospective approaches. It will serve as an insightful resource for readers with an interest in privacy and Data Protection.
-
accountability and system responsibility new concepts in Data Protection Law and human rights Law
Managing privacy through accountability, 2012Co-Authors: Paul De HertAbstract:The principle of accountability is one of the features of current reform proposals of the EU Data Protection Regime and it is called upon to enhance the current responsibilities of Data controllers. This contribution will first look at a possible definition of the principle, then turn to its application in the area of Data Protection Law, and finally turn to European human rights Law. In Data Protection Law the principle of accountability is available to complement existing regulatory policies with the aim of making organisations more actively responsible for their information practices. There is far from universal agreement that the principle itself should be reformed. Some have questioned the integrity of some of the accountability pleas and regard them as new arguments by those that advocate self-regulation of firms so as to avoid being caught by binding regulation.
Michael Friedewald - One of the best experts on this subject based on the ideXlab platform.
-
Open consent, biobanking and Data Protection Law: can open consent be ‘informed’ under the forthcoming Data Protection regulation?
Life Sciences Society and Policy, 2015Co-Authors: Dara Hallinan, Michael FriedewaldAbstract:This article focuses on whether a certain form of consent used by biobanks – open consent – is compatible with the Proposed Data Protection Regulation. In an open consent procedure, the biobank requests consent once from the Data subject for all future research uses of genetic material and Data. However, as biobanks process personal Data, they must comply with Data Protection Law. Data Protection Law is currently undergoing reform. The Proposed Data Protection Regulation is the culmination of this reform and, if voted into Law, will constitute a new legal framework for biobanking. The Regulation puts strict conditions on consent – in particular relating to information which must be given to the Data subject. It seems clear that open consent cannot meet these requirements. 4 categories of information cannot be provided with adequate specificity: purpose, recipient, possible third country transfers, Data collected. However, whilst open consent cannot meet the formal requirements laid out by the Regulation, this is not to say that these requirements are substantially undebateable. Two arguments could be put forward suggesting the applicable consent requirements should be rethought. First, from policy documents regarding the drafting process, it seems that the informational requirements in the Regulation are so strict in order to protect the Data subject from risks inherent in the use of the consent mechanism in a certain context – exemplified by the online context. There are substantial differences between this context and the biobanking context. Arguably, a consent transaction in the biobanking does not present the same type of risk to the Data subject. If the risks are different, then perhaps there are also grounds for a reconsideration of consent requirements? Second, an argument can be made that the legislator drafted the Regulation based on certain assumptions as to the nature of ‘Data’. The authors argue that these assumptions are difficult to apply to genetic Data and accordingly a different approach to consent might be preferable. Such an approach might be more open consent friendly.
-
open consent biobanking and Data Protection Law can open consent be informed under the forthcoming Data Protection regulation
Life Sciences Society and Policy, 2015Co-Authors: Dara Hallinan, Michael FriedewaldAbstract:This article focuses on whether a certain form of consent used by biobanks – open consent – is compatible with the Proposed Data Protection Regulation. In an open consent procedure, the biobank requests consent once from the Data subject for all future research uses of genetic material and Data. However, as biobanks process personal Data, they must comply with Data Protection Law. Data Protection Law is currently undergoing reform. The Proposed Data Protection Regulation is the culmination of this reform and, if voted into Law, will constitute a new legal framework for biobanking. The Regulation puts strict conditions on consent – in particular relating to information which must be given to the Data subject. It seems clear that open consent cannot meet these requirements. 4 categories of information cannot be provided with adequate specificity: purpose, recipient, possible third country transfers, Data collected. However, whilst open consent cannot meet the formal requirements laid out by the Regulation, this is not to say that these requirements are substantially undebateable. Two arguments could be put forward suggesting the applicable consent requirements should be rethought. First, from policy documents regarding the drafting process, it seems that the informational requirements in the Regulation are so strict in order to protect the Data subject from risks inherent in the use of the consent mechanism in a certain context – exemplified by the online context. There are substantial differences between this context and the biobanking context. Arguably, a consent transaction in the biobanking does not present the same type of risk to the Data subject. If the risks are different, then perhaps there are also grounds for a reconsideration of consent requirements? Second, an argument can be made that the legislator drafted the Regulation based on certain assumptions as to the nature of ‘Data’. The authors argue that these assumptions are difficult to apply to genetic Data and accordingly a different approach to consent might be preferable. Such an approach might be more open consent friendly.
