Data Protection Around the World: Privacy Laws in Action
9462654069, 9789462654068
This book provides a snapshot of privacy laws and practices from a varied set of jurisdictions in order to offer guidanc
369
115
3MB
English
Pages 279
[288]
Year 2020
Report DMCA / Copyright
DOWNLOAD PDF FILE
Table of contents :
Series Information
Editorial Office
Preface
Contents
Editor and Contributors
1 Data Protection Around the World: An Introduction
1.1 Introduction
1.2 Overview
References
2 Data Protection Around the World: Belgium
2.1 Background
2.2 The Belgian Data Protection Landscape Pre-GDPR
2.2.1 The Belgian Constitution
2.3 Data Protection Act of 1992
2.3.1 Secretary of State for Privacy
2.3.2 Prominent Data Protection Authority
2.4 New GDPR-Related Issues
2.4.1 Belgium’s Federal Structure
2.4.2 Legal Basis of Data Processing Activities
2.4.3 Exercising Data Protection Rights Online
2.4.4 Interpretations in the Belgian Implementation Law
2.5 Data Protection Disputes in Belgium
2.5.1 SWIFT and the Terrorist Finance Tracking Program
2.5.2 Belgian DPA Versus Facebook
2.6 GDPR Forecast
References
3 Data Protection in Estonia
3.1 Data Protection Regulations and Case Law in Estonian Jurisdiction: Origin and Development of Estonian Data Protection Related Legislation and the Personal Data Protection Act
3.1.1 Introduction
3.1.2 The History of the Estonian Data Protection Inspectorate
3.1.3 The Latest Estonian Data Protection Legislation Related to the GDPR
3.1.4 Data Protection Case Law Within Estonian Jurisdiction
3.2 Interaction Between Estonian Data Protection Legislation and the GDPR—Similarities and Differences
3.2.1 Similarities of the GDPR and the Estonian Jurisdiction
3.2.2 Differences Between the GDPR and the Estonian Jurisdiction
3.3 The Most Prominent Issues in the Estonian Jurisdiction Regarding Data Protection Regulations: eGovernance and National Databases in Conjunction with the GDPR
3.3.1 Introduction
3.3.2 The Application and Possibilities of the “Once-Only” Principle in Light of the GDPR
3.3.3 Legal Bases for Personal Data Processing: GDPR Art 6 Interaction with Pre-GDPR Conditions in Estonia
3.3.4 The Estonian Electronic Communications Act and Data Retention
3.3.5 The Data Retention Directive
3.4 Application of the GDPR in the Jurisdiction of Estonia
3.4.1 GDPR Application in Estonia: Will the Enormous Fines for Data Breaches Make Data Controllers and Processors in Estonia Take Personal Data Protection and Privacy Issues and Requirements More Seriously?
3.4.2 The GDPR—Data Protection Awareness-Raising Masterpiece?
3.4.3 Let’s Clean up the Room: GDPR Implementing Regulation in Estonia. Will It Solve All the Questions?
References
4 GDPR in France: A Lot of Communication for a Jurisdiction Well Experienced in the Protection of Personal Data
4.1 An Update of the Existing Protection of Personal Data Needed with the Application of the GDPR in France
4.1.1 An Accelerated Procedure of Adoption of the GDPR in France and a Few Changes in the Law of 1978
4.1.2 More Competencies for the CNIL and a Better Defined Territorial Application
4.2 Precisions Given to the Processing of Sensitive Information and Derogations
4.2.1 Legislation and Practice Before 2018 on the Protection of Personal Data
4.3 The Initiative of Protecting Personal Data and Facing the Administrative Necessity of Simplification
4.4 Early Initiative and Late Involvement for a European Harmonization of France
4.5 Attention on the Most Sensitive Data to Be Under Special Regimes (Police, Justice, Secret Services)
4.6 A Structure of the “Informatique et Libertés” Law in 1978 in Compliance with the French Constitutional and Administrative Law
4.7 The Main Rights of Citizens Are Recognized by the French Legislation
4.8 Incomplete Harmonization of the Rules and Procedures Between Databases of the Private and Public Sectors
4.9 Personal Data Officer to Data Protection Officer
4.10 Changes Brought by the GDPR to the French Legal Framework
4.10.1 Limited Modifications to the Law of 1978 Towards More Administrative Simplifications
4.11 Powers of the CNIL Clarified and Strengthened
4.11.1 Controversies and Pending Issues of the Protection of Data in France
4.12 First Year of Application of the GDPR in France: Plans to Rewrite Entirely the 1978 Informatique et Libertés Law, Exceptionally High Number of Complaints, and Substantial Cooperation with Other Authorities Protecting Personal Data in the European Union
References
5 Current Data Protection Regulations and Case Law in Greece: Cash as Personal Data, Lengthy Procedures, and Technologies Subjected to Courts’ Interpretations
5.1 Introduction
5.1.1 Cash as Personal Data (And Several “Errors with Manifest Impact” on the System)
5.1.2 Balancing Interests: It Might Take a Long Time
5.1.3 Exercising the Right to Access (Might Take a Long Time Too)
5.1.4 Smart Phones as Filing Systems
5.1.5 Conclusions
5.2 Ways in Which the GDPR Interacts with the Greek Jurisdiction: Towards an Agreement on the Basics?
5.2.1 Introduction
5.2.2 Control and Consent Versus the Free Flow
5.2.3 Emerging Technologies: A Need to Agree on the Basics?
5.2.4 Conclusions
5.3 Most Prominent Issues in Greek Jurisdiction Regarding Data Protection Regulations: Ignorance, Confusion and Misleading
5.3.1 Introduction
5.3.2 E-Reality at Stake
5.3.3 What Do People Know?
5.3.4 Intentions to Mislead
5.3.5 Some Ethical Conclusions
5.4 The GDPR’s Potential in Greece: Data Portability as a Means to Enhance Transparency, Accountability, and Trustworthiness
5.4.1 Introduction
5.4.2 User-Centric Platforms to Enforce Transparency, Accountability, and Trustworthiness
5.4.3 Conclusion
References
6 Privacy and Personal Data Protection in Indonesia: The Hybrid Paradigm of the Subjective and Objective Approach
6.1 Introduction
6.2 Global Discussion of Privacy Laws and Lessons Learned for Indonesia
6.3 Legal Framework
6.3.1 Indonesian Constitution and Privacy
6.3.2 Privacy in Indonesian Human Rights Law
6.3.3 Privacy as Secrecy of Personal Life Excluding Public Information for Public Interest
6.4 Comparative Study of the European GDPR with the Indonesian Legal System
6.5 Prominent Issues Regarding Personal Data Protection and Online Digital Identity in Indonesia
6.5.1 Spamming or Commercial Promotion
6.5.2 Regarding the Right to Erasure Versus Freedom of the Press
6.5.3 Personal Data Protection Versus Citizen Administration
6.5.4 Authentication of GSM Card Number on Population Data
6.5.5 Searching for Someone’s Financial Information in the Context of Tax Search Interests
6.5.6 Fintech Misuse of Contact Number for Harassment Because of Bad Debt
6.6 Implication of GDPR Implementation for Indonesia
6.7 Conclusion
6.8 Recommendations
References
7 Data Protection Regulation in the Netherlands
7.1 Introduction
7.2 General Comprehensive Personal Data Protection
7.3 Sector Specific Requirements
7.3.1 The Data Protection Law Enforcement Directive
7.3.2 The E-Privacy Directive
7.3.3 The Dutch Personal Records Database Act
7.4 On the Interaction of the GDPR with National Legislation in the Netherlands
7.5 Key Challenges and Developments in Relation to Data Protection Legislation in the Netherlands
7.5.1 Use of Data Subject Access Rights as Supplemental e-Discovery Instruments
7.5.2 Data Transfers Outside the EU
7.5.3 Processing Employee Data Works Council
7.6 The GDPR and the Dutch National Jurisdiction Insights
7.6.1 Data Subject Access Rights as Extrajudicial E-Discovery Instruments
7.6.2 Data Transfers Outside the EU
7.6.3 Processing Employee Data Works Council
References
8 The GDPR Influence on the Tanzanian Data Privacy Law and Practice
8.1 Introduction
8.2 Approach and Main Features of the GDPR
8.3 The Tanzanian Data Protection Law Landscape
8.3.1 The Context
8.4 The Regime of Data Protection Law
8.4.1 The Constitutional Right to Privacy
8.4.2 Statutory Law for Protection of Personal Data
8.5 The GDPR Influence on Tanzanian Law Reform
8.6 Conclusion
References
9 Data Protection Around the World: Turkey
9.1 Introduction and an Overview of the Turkish Data Protection Law
9.1.1 Introduction
9.1.2 Data Protection Legislation in Turkey
9.1.3 Case Law
9.2 How Does the GDPR Interact with Turkish Jurisdiction?
9.2.1 Field of Application and Terms
9.2.2 Principles and Exceptions
9.2.3 Rights, Duties and Remedies
9.3 Prominent Issues
9.3.1 Frequent Use of Personal Data
9.3.2 Activities of the DPA
9.3.3 The Nature of the DPA
9.4 Application of the GDPR in Turkey
9.4.1 Extraterritoriality of the GDPR
9.4.2 Turkey’s Harmonisation with the EU and the GDPR
9.5 Conclusion
References
10 The United States and the EU’s General Data Protection Regulation
10.1 Privacy and Data Protection Regulation in the United States
10.1.1 The Fourth Amendment
10.1.2 Sectoral Laws
10.1.3 Privacy Torts
10.1.4 The Federal Trade Commission
10.2 The Interaction of the GDPR and U.S. Law
10.2.1 The Right to Be Forgotten
10.2.2 RTBF and the First Amendment
10.3 Prominent Issues in U.S. Privacy and Data Protection Law
10.3.1 Privacy Harms
10.3.2 Data Breaches
10.4 The Effect of the GDPR on Privacy and Data Protection in the United States: Resolving Issues or Making Things Worse?
10.4.1 Spillover Effects of GDPR Compliance
10.5 Conclusion
References
11 European Laws’ Effectiveness in Protecting Personal Data
11.1 Introduction
11.2 The Concept of Privacy
11.3 The Notion of Consent
11.4 Tracking and Targeting
11.5 Obligations of Digital Enterprises
11.6 Concluding Remarks
References
12 Data Protection Around the World: Future Challenges
12.1 An Overview of Future Challenges
12.2 Automated Decision-Making and Artificial Intelligence
12.3 Face Recognition and Video Processing
12.4 The COVID-19 Pandemic and Contact Tracing Apps
12.5 Upcoming Challenges
12.6 Concluding Remarks
References