Datafication 1 Flashcards
(23 cards)
Primary law - definition
= constitution prescribing limits & procedures (for secondary law)
= operating system on which secondary law runs
Primary law - examples
- Treaty on the EU (TEU)
- Treaty on the Functioning of the EU (TFEU)
- The Charter of Fundamental Rights of EU
- General principles of Union law, e.g. those reflected through case law
Secondary law - definition
= written laws
implementation & direct effect
Secondary law - examples
- International agreements
- Legislation:
- Regulations (GDPR)
- Directives
- Decisions
Art. 288 TFEU: secondary law instruments
Regulation, Directive, Decision, Recommendation & Opinions
Regulation
- general application
- binding
- directly applicable (in all Member States)
Art. 288 TFEU: secondary law instruments
Directive
- binding in result (for each Member State)
- form & method chosen by national authorities
Art. 288 TFEU: secondary law instruments
Decision
- binding
- if it specifies to whom it is addressed, binding only on them
Art. 288 TFEU: secondary law instruments
Recommendation & Opinions
- not binding
Art. 288 TFEU: secondary law instruments
Privacy
Claim of individuals, groups, or institutions to determine when, how and to what extent information about them is communicated to others
fundamental right, but not absolute: matter of balancing legitimate interests incl.
- a) public e.g. national security,
- b) other laws &
- c) fundamental rights (necessary in democracy) e.g. freedom of expression & right to information (uncover an affair)
Charter of Fundamental Rights of EU
summary of all fundamental rights decided in EU
Rights included in Charter of Fundamental Rights of EU related to GDPR
Article 7: Right to respect for a private & family life, home & communications
Article 8: Right of…
- protection of personal data,
- fair processing for specified purposes & on basis of consent or other legitimate basis,
- access to data,
- rectification (control by independent authority)
Value of Personal Data
- Personal data = value only if used
- Advertisement = paying for service of consumer (with money), consumer as product for them
- Consumer = paying with attention & agency (personal data = abstract, no friction, re-usable)
GDPR: relation to Member states & general characteristics
- since 2016 (in force 2018, replaced Data Protection Directive)
- Regulation: general application, binding & directly applicable (in all Member States)
- in Member States: sector regulation in defined areas (e.g. employment law)
- Principle of Priority: GDPR over conflicting national legislation (incl. sector regu.)
- Delegated Acts: EU Commission & EU Data Protection Board adopt delegated & implementing acts in certain areas
Pro GDPR
- strengthen individuals' fundamental rights
- clarifying rules for companies
- reduce administrative burdens
- eliminate fragmentation in national systems
Con GDPR
- compliance complicated & costly
- cookies e.g. people don’t read
Principles of GDPR
6 Principles:
- Legitimacy
- Transparency
- Security
- Accountability
- Empowerment
- Proportionality
Principle of GDPR: Legitimacy
data controller must pursue a legitimate purpose (considering interest of data subjects, 3rd parties & public) in a fair & careful manner
Principle of GDPR: Transparency
data subject must have information about data controller & processing; be able to understand its rights & implementation of processing (information not always = transparency), necessary for accountability & empowerment
Principle of GDPR: Security
data controller must implement appropriate technical & organizational measures (e.g. data minimization, storage limitation, anonymization, pseudonymization) to ensure level of security appropriate to the risk (to safeguard against unauthorized or unlawful processing & accidental loss, destruction, or damage)
Principle of GDPR: Accountability
Data controller must be able to demonstrate compliance with GDPR (e.g. record of processing activities, carrying out data protection impact assessment, ensuring data protection by design & default)
Principle of GDPR: Empowerment
data subject is in control (not absolute) of what data concerning it can lawfully be processed (incl. means of consent, rights of access, rectification, erasure & objection, e.g. consent)
Principle of GDPR: Proportionality
protection of personal data including data controllers’ obligations & need of consent is relative to legitimate purpose pursued & impact on data subject's right to privacy (including nature, scope, context & purpose of processing), Art. 5: principles of data minimization & storage limitation