This article focuses on whether a certain form of consent used by biobanks – open consent – is compatible with the Proposed Data Protection Regulation. In an open consent procedure, the biobank requests consent once from the data subject for all future research uses of genetic material and data. However, as biobanks process personal data, they must comply with data protection law. Data protection law is currently undergoing reform. The Proposed (...) class='Hi'>Data Protection Regulation is the culmination of this reform and, if voted into law, will constitute a new legal framework for biobanking. The Regulation puts strict conditions on consent – in particular relating to information which must be given to the data subject. It seems clear that open consent cannot meet these requirements. 4 categories of information cannot be provided with adequate specificity: purpose, recipient, possible third country transfers, data collected. However, whilst open consent cannot meet the formal requirements laid out by the Regulation, this is not to say that these requirements are substantially undebateable. Two arguments could be put forward suggesting the applicable consent requirements should be rethought. First, from policy documents regarding the drafting process, it seems that the informational requirements in the Regulation are so strict in order to protect the data subject from risks inherent in the use of the consent mechanism in a certain context – exemplified by the online context. There are substantial differences between this context and the biobanking context. Arguably, a consent transaction in the biobanking does not present the same type of risk to the data subject. If the risks are different, then perhaps there are also grounds for a reconsideration of consent requirements? Second, an argument can be made that the legislator drafted the Regulation based on certain assumptions as to the nature of ‘data’. The authors argue that these assumptions are difficult to apply to genetic data and accordingly a different approach to consent might be preferable. Such an approach might be more open consent friendly. (shrink)

This book on privacy and data protection offers readers conceptual analysis as well as thoughtful discussion of issues, practices, and solutions. It features results of the seventh annual International Conference on Computers, Privacy, and Data Protection, CPDP 2014, held in Brussels January 2014. The book first examines profiling, a persistent core issue of data protection and privacy. It covers the emergence of profiling technologies, on-line behavioral tracking, and the impact of profiling on fundamental rights (...) and values. Next, the book looks at preventing privacy risks and harms through impact assessments. It contains discussions on the tools and methodologies for impact assessments as well as case studies. The book then goes on to cover the purported trade-off between privacy and security, ways to support privacy and data protection, and the controversial right to be forgotten, which offers individuals a means to oppose the often persistent digital memory of the web. Written during the process of the fundamental revision of the current EU data protection law by the Data Protection Package proposed by the European Commission, this interdisciplinary book presents both daring and prospective approaches. It will serve as an insightful resource for readers with an interest in privacy and data protection. (shrink)

Since the 1970s and more rigorously since the 1990s, many countries have regulated data protection and privacy laws in order to ensure the safety and privacy of personal data. First, a comparison is made of different acts regarding genetic information that are in force in the EU, the USA, and China. In Turkey, changes were adopted only recently following intense debates. This study aims to explore the experts’ opinions on the regulations of the health information systems, (...) class='Hi'>data security, privacy, and confidentiality in Turkey, with a particular focus on genetic data, which is more sensitive than other health data as it is a permanent identifier that is inherited to next of kin and shared with other family members. Two focus groups with 18 experts and stakeholders were conducted, discussing topics such as central data collection, legalized data sharing, and the management of genetic information in health information systems. The article concludes that the new Turkish personal data protection law is problematic as the frame of collectible data is wide-ranging, and the exceptions are extensive. Specific laws or articles dedicated to genetic data that also overlook the dimension of discrimination based on genetic differences in Turkey should be taken into consideration. In broader terms, it is intended to put up for discussion that in addition to ethical aspects, economic aspects and legal aspects of health should be included in the discussion to be carried out within the framework of socio-political analyses with culture-specific approaches and cross-culture boundaries simultaneously. (shrink)

Susser and Cabrera (2024) assess the role of bespoke neuro-privacy regulations including the creation of a novel right to mental privacy. They argue that focusing on what distinguishes mental priva...

The aim of the article is to explain the relationship between the ethical evaluation of scientific research involving personal data and the assessment of compliance with data protection law. The article presents the mutual relationship between the protection of personal data and scientific activity from a dogmatic perspective, the legal regulation of the processing of personal data in scientific research, and the so-called research exceptions that apply when data are processed for scientific research. (...) It also covers the importance of meeting the ethical requirements of scientific research in order to profit from the indicated exceptions. Finally, it provides a comparison between the ethical and the legal systems of personal data protection in research (objectives, criteria, authorities, and procedures). (shrink)

Biobanking in Europe has made major steps towards harmonization and shared standards for the collection and processing of data and samples stored in biobanks. Still, biobanks and researchers face substantial legal difficulties in the field of data protection and sample management. Data protection law was harmonized almost 15 years ago while rights in samples fall under the competence of the Member States of the EU. Despite the Data Protection Directive the field of (...) class='Hi'>data protection shows a substantial degree of deviation as public health was excluded from the harmonization. Biobanks seem to have substantially fewer difficulties to cope with in terms of the legal requirements in the field of sample management. This paper discusses the legal framework, experiences of different biobanks in Europe and potential ways forward. It also highlights the need for a health economic analysis of the costs and benefits of privacy protection in Europe. At the moment, policymakers seem to build their decisions on an insufficient evidence base which underestimates the potential value of biobanks for European public health. Within the past few years little progress has been achieved with regards to the development of a unified legal framework in Europe, The diversity in the legal system is also reflected in the different approaches of ethics committees towards biobanking. To secure the responsible and effective use of data and samples, more efforts are needed to come up with pathways for a solution. (shrink)

This volume brings together papers that offer conceptual analyses, highlight issues, propose solutions, and discuss practices regarding privacy and data protection. The first section of the book provides an overview of developments in data protection in different parts of the world. The second section focuses on one of the most captivating innovations of the data protection package: how to forget, and the right to be forgotten in a digital world. The third section presents studies (...) on a recurring, and still important and much disputed, theme of the Computers, Privacy and Data Protection (CPDP) conferences : the surveillance, control and steering of individuals and groups of people and the increasing number of performing tools (data mining, profiling, convergence) to achieve those objectives. This part is illustrated by examples from the domain of law enforcement and smart surveillance. The book concludes with five chapters that advance our understanding of the changing nature of privacy (concerns) and data protection. (shrink)

Clicks, comments, transactions, and physical movements are being increasingly recorded and analyzed by Big Data processors who use this information to trace the sentiment and activities of markets and voters. While the benefits of Big Data have received considerable attention, it is the potential social costs of practices associated with Big Data that are of interest to us in this paper. Prior research has investigated the impact of Big Data on individual privacy rights, however, there is (...) also growing recognition of its capacity to be mobilized for surveillance purposes. Our paper delineates the underlying issues of privacy and surveillance and presents them as in tension with one another. We postulate that efforts at controlling Big Data may create a trade-off of risks rather than an overall improvement in data protection. We explore this idea in relation to the principles of the European Union’s General Data Protection Regulation as it arguably embodies the new ‘gold standard’ of cyber-laws. We posit that safeguards advocated by the law, anonymization and pseudonymization, while representing effective counter measures to privacy concerns, also incentivize the use, collection, and trade of behavioral and other forms of de-identified data. We consider the legal status of these ownerless forms of data, arguing that data protection techniques such as anonymization and pseudonymization raise significant concerns over the ownership of behavioral data and its potential use in the large-scale modification of activities and choices made both on and offline. (shrink)

Open science has recently gained traction as establishment institutions have come on-side and thrown their weight behind the movement and initiatives aimed at creation of information commons. At the same time, the movement's traditional insistence on unrestricted dissemination and reuse of all information of scientific value has been challenged by the movement to strengthen protection of personal data. This article assesses tensions between open science and data protection, with a focus on the GDPR.

The Data Protection Act 1998 presents a number of significant challenges to data controllers in the health sector. To assist data controllers in understanding their obligations under the act, the Information Commissioner has published guidance, The Use and Disclosure of Health Data, which is reproduced here. The guidance deals, among other things, with the steps that must be taken to obtain patient data fairly, the implied requirements of the act to use anonymised or psuedonymised (...) data where possible, an exemption applicable principally to records based research, the right of patients to object to the processing of their data, and the interface of the act and the common law duty of confidence. (shrink)

Recent algorithmic technologies have challenged law’s anthropocentric assumptions. In this article, we develop a set of theoretical tools drawn from new materialisms and the philosophy of information to unravel the complex intra-actions between law and computer code. Accordingly, we first propose a framework for understanding the enmeshing of law and code based on a diffractive reading of Barad’s agential realism and Simondon’s theory of information. We argue that once law and code are understood as material entities that intra-act through in-formation, (...) the concept of transduction allows us to trace how they push each other towards change. After developing the theoretical tools, we deploy them to make sense of how law and code have changed in response to increasing automation of decision-making and the appearance of unexplainable artificial intelligence (AI) code. Thus, we employ a case study to trace transformations of the right to explanation under the European data protection regulations. This provides the backdrop for our account of how law transduces into code (and vice versa) and a proving ground for our framework. (shrink)

Since approval of the EU General Data Protection Regulation (GDPR) in 2016, it has been widely and repeatedly claimed that the GDPR will legally mandate a ‘right to explanation’ of all decisions made by automated or artificially intelligent algorithmic systems. This right to explanation is viewed as an ideal mechanism to enhance the accountability and transparency of automated decision-making. However, there are several reasons to doubt both the legal existence and the feasibility of such a right. In contrast (...) to the right to explanation of specific automated decisions claimed elsewhere, the GDPR only mandates that data subjects receive meaningful, but properly limited, information (Articles 13-15) about the logic involved, as well as the significance and the envisaged consequences of automated decision-making systems, what we term a ‘right to be informed’. Further, the ambiguity and limited scope of the ‘right not to be subject to automated decision-making’ contained in Article 22 (from which the alleged ‘right to explanation’ stems) raises questions over the protection actually afforded to data subjects. These problems show that the GDPR lacks precise language as well as explicit and well-defined rights and safeguards against automated decision-making, and therefore runs the risk of being toothless. We propose a number of legislative and policy steps that, if taken, may improve the transparency and accountability of automated decision-making when the GDPR comes into force in 2018. (shrink)

Upon Brexit, the United Kingdom chose to follow the path of EU data protection and remain tied to the requirements of the General Data Protection Regulation (GDPR). It even enacted the GDPR into its domestic law. This Article evaluates five models relating to preference change, demonstrating how they identify different dimensions of Brexit while providing a rich explanation of why a legal system may or may not reject an established transnational legal order. While market forces and (...) a “Brussels Effect” played the most significant role in the decision of the UK government to accept the GDPR, important nonmarket factors were also present in this choice. This Article’s models of preference change are also useful in thinking about the likely extent of the UK’s future divergence from EU data protection. (shrink)

Answering important public health questions often requires collection of sensitive information about individuals. For example, our understanding of how HIV is transmitted and how to prevent it only came about with people's willingness to share information about their sexual and drug-using behaviors. Given the scientific need for sensitive, personal information, researchers have a corresponding ethical and legal obligation to maintain the confidentiality of data they collect and typically promise in consent forms to restrict access to it and not to (...) publish identifying data.The interests of others, however, can threaten researchers' promises of confidentiality when legal demands are made to access research data. In some cases, the subject of the litigation is tightly connected to the research questions, and litigants' interest in the data is not surprising. Researchers conducting studies on tobacco or occupational or other chemical exposures, for example, are relatively frequent targets of subpoenas. (shrink)

Risk management is a well-known method to face technological challenges through a win–win combination of protective and proactive approaches, fostering the collaboration of operators, researchers, regulators, and industries for the exploitation of new markets. In the field of autonomous and unmanned aerial systems, or UAS, a considerable amount of work has been devoted to risk analysis, the generation of ground risk maps, and ground risk assessment by estimating the fatality rate. The paper aims to expand this approach with a tool (...) for managing data protection risks raised by drones through the design of flight maps. The tool should allow UAS operators choosing the best air corridor for their drones based on the so-called privacy by design principle pursuant to Article 25 of the EU data protection regulation, the GDPR. Among the manifold applications of this approach, the design of fly zones for drones can be tailored for public authorities in the phase of authorization of new operations, much as for national Data Protection authorities that have to control the lawfulness of personal data processing by UAS operations. The overall aim is to present the first win–win approach to data protection issues, aerospace engineering challenges, and risk management methods for the threats posed by this technology. (shrink)

The power exercised by technology companies is attracting the attention of policymakers, regulatory bodies and the general public. This power can be categorized in several ways, ranging from the “soft power” of technology companies to influence public policy agendas to the “market power” they may wield to exclude equally efficient competitors from the marketplace. This Article is concerned with the “data power” exercised by technology companies occupying strategic positions in the digital ecosystem. This data power is a multifaceted (...) power that may overlap with economic (market) power but primarily entails the power to profile and the power to influence opinion formation. While the current legal framework for data protection and privacy in the EU imposes constraints on personal data processing by technology companies, it ostensibly does so without regard to whether or not they have “data power.” This Article probes this assumption. It argues that although this legal framework does not explicitly impose additional legal responsibilities on entities with “data power,” it provides a clear normative indication to do so. The volume and variety of data and the reach of data-processing operations seem to be relevant when assessing both the extent of obligations on technology companies and the impact of data processing on individual rights. The Article suggests that this finding provides the normative foundation for the imposition of a “special responsibility” on such firms, analogous to the “special responsibility” imposed by competition law on dominant companies with market power. What such a “special responsibility” might entail in practice will be briefly outlined and relevant questions for future research will be identified. (shrink)

This book is about power and freedoms in our technological world and has two main objectives. The first is to demonstrate that a theoretical exploration of the algorithmic governmentality hypothesis combined with the capability approach is useful for a better understanding of power and freedoms in Ambient Intelligence, a world where information and communication technologies are invisible, interconnected, context aware, personalized, adaptive to humans and act autonomously. The second is to argue that these theories are useful for a better comprehension (...) of privacy and data protection concepts and the evolution of their regulation. Having these objectives in mind, the book outlines a number of theses based on two threads: first, the elimination of the social effects of uncertainty and the risks to freedoms and, second, the vindication of rights. Inspired by and building on the outcomes of different philosophical and legal approaches, this book embodies an effort to better understand the challenges posed by Ambient Intelligence technologies, opening paths for more effective realization of rights and rooting legal norms in the preservation of the potentiality of human capabilities. (shrink)

In the early 1970s, Congress considered enacting comprehensive privacy legislation, but it was unable to do so. In 1974, it passed the Privacy Act, applicable only to information in the possession of the federal government. In the intervening years, other information privacy laws enacted by Congress, such as the Health Insurance Portability and Accountability Act, have been weak and sector specific. With the explosion of information technology and the growing concerns about an absence of effective federal privacy laws, the legal (...) focus has shifted to the states. Signaling a new direction in state data privacy and consumer protection law, the California Consumer Privacy Act establishes important rights and protections for California residents with regard to the collection, use, disclosure, and sale of their personal information. The CCPA is certain to spur similar legislation and to affect national and international businesses that collect data from California's residents. Understanding the new law is important for all data‐driven industries, including health care. (shrink)

Concerns have been raised around the alleged commercialisation of South African genetic material by various research institutes nationally and abroad. We consider whether the Protection of Personal Information Act in South Africa will conflict with or complement existing protections in health law and research ethics. The Act is not applicable to de‐identified samples that cannot be re‐identified but we question whether genetic samples can ever be truly de‐identified. The research participants in this matter provided consent for use of their (...) samples for research but did not consent to commercialisation by global research institutions, and neither did the researchers. We suggest that consent models incorporating broad consent as an option should include explicit discussions around benefit sharing and commercialisation. Mistrust between researchers and participants impedes scientific research and can harm relationships built up over the years between South African researchers and local communities. (shrink)

Article 12 of the General Data Protection Regulation (GDPR) requires data controllers to provide data subjects with any information relating to data processing operations “in a concise, transparent, intelligible and easily accessible form, using clear and plain language.” Linguistic inclusivity of privacy policies is no longer a matter of style, but has been a binding legal requirement under the new data protection framework. Article 5 GDPR sets forth the requirements of lawfulness, fairness and (...) transparency and prohibits any data processing operations which do not meet the standards of specification, explicitness and legitimacy of processing purposes [ 29 ]. In this study, a quantitative and qualitative analysis of linguistic indeterminacy in a corpus of 350 online privacy policies is presented and it is argued that a considerable number of data controllers continue to make use of strategic vagueness in the context of purpose limitation, therefore potentially prejudicing compliance with the GDPR. A legal-linguistic perspective on the current challenges of informed consent in European data protection law is provided. Finally, it is concluded that while the GDPR has contributed significantly to the linguistic empowerment of the data subject, the framework fails to satisfy the expectation of creating a participatory culture (see [ 36 ]) with a high degree of informational self-determination. (shrink)

The corona pandemic altered many traditional and historical norms of society and law. COVID-19 created a humanitarian crisis in some parts of globe, while pandemic privacy and civil liberties were under threat all over world. To combat the deadly virus, individual liberty and equality were compromised. This paper focuses on how India’s health problem has compromised people’s right to privacy. It will highlight how strict executive policies led to the creation of a massive surveillance system in the name of combating (...) the COVID-19 pandemic, as well as how the absence of any policy or legal framework led to the exclusion of individuals and their families who were suspected of having the virus or caring for those who were infected with the deadly virus. The paper uses case studies and data collected from primary as well as secondary sources. The authors will also point out how the absence of privacy regulation puts millions of citizens’ private information at risk of being compromised or exploited against their will. (shrink)

The General Data Protection Regulation is a European Union regulation that will replace the existing Data Protection Directive on 25 May 2018. The most significant change is a huge increase in the maximum fine that can be levied for breaches of the regulation. Yet fewer than half of UK companies are fully aware of GDPR—and a number of those who were preparing for it stopped doing so when the Brexit vote was announced. A last-minute rush to (...) become compliant is therefore expected, and numerous companies are starting to offer advice, checklists and consultancy on how to comply with GDPR. In such an environment, artificial intelligence technologies ought to be able to assist by providing best advice; asking all and only the relevant questions; monitoring activities; and carrying out assessments. The paper considers four areas of GDPR compliance where rule based technologies and/or machine learning techniques may be relevant: Following compliance checklists and codes of conduct; Supporting risk assessments; Complying with the new regulations regarding technologies that perform automatic profiling; Complying with the new regulations concerning recognising and reporting breaches of security. It concludes that AI technology can support each of these four areas. The requirements that GDPR state for explanation and justification of reasoning imply that rule-based approaches are likely to be more helpful than machine learning approaches. However, there may be good business reasons to take a different approach in some circumstances. (shrink)

Genetics is a biomedical science that investigates heredity, variability, occurrence of genetic diseases and their prevention. Genetic science has many fields of science, which deal with different genetic processes, methods, aspects and fields of application. The genetic research in Europe related to the individual as the main subject of the research is exposed to a wide range of ethical and legal issues. From the developments in genetic science other sciences have evolved, thanks to which the modern world is able to (...) protect the genetic information of data, and to receive the sanction while ignoring the laws of such data. However, many problems still persist in the field of protection of personal genetic information, such as regulatory standards, the inviolability of an individual, the assurance of freedom and privacy of information. This manuscript attempts to reveal the main aspects of genetic human data protection, to research conduct regulations, ethics and issues related to the protection of individuals, such as protection of privacy, discrimination, confidentiality, etc. The article mainly focuses on the Conventions and Protocols elaborated by the Council of Europe because of its role in bioethics and focus on human rights. The author examined the documents such as the Convention on Human Rights and Biomedicine, the Additional Protocol to the Convention on Human Rights and Biomedicine concerning Biomedical Research, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and others. Genetic discrimination is strictly forbidden by international conventions and declarations, which means that discrimination on the grounds of personal genetic information (diseases, abnormalities) is not possible in all areas, including employment and insurance. However, individuals face some problems in getting a job due to the publicity and information disclosure to their employers, or in increasing the amount of insurance premiums. However, the disclosure of genetic information may have relevant, statutory consequences and the victims may apply to court for defending these rights. It is essential to protect genetic rights, as any form of discrimination against a person on the grounds of their genetic heritage is prohibited and intervention in the health field or disclosure of such information is only possible after the person concerned has given their free and informed consent. (shrink)

RESUMEN: En la era de las tecnologías digitales, el Derecho se enfrenta al objetivo de afrontar la protección de los datos personales en un universo global donde las fronteras se diluyen y el principio de territorialidad ha dejado de tener aplicación. Este trabajo pretende plantear el reto que supone, para el ordenamiento jurídico español, la adaptación a la nueva regulación europea en esta materia.ABSTRACT: At the digital´s technologies age, Law faces with the aim to address the personal data (...) class='Hi'>protection in a global universe where blurring the borders, and the territoriality principle has ceased to be applied. This paper aims to poset he challenge that supposes, to the Spanish legal system, the adaptation to the new European Union regulation on this matter.PALABRAS CLAVE: universo digital, protección de datos personales, reglamento europeo, constitución española, conflictos de competenciaKEYWORDS: digital universe, personal data protection, european regulation, spanish constitution, competence´s conflicts. (shrink)

This paper develops three arguments for increasing the strength of database protection under U.S. law. First, stronger protections would encourage private investment in database development, and private databases have many potential benefits for science and industry. Second, stronger protections would discourage extensive use of private licenses to protect databases and would allow for greater public control over database laws and policies. Third, stronger database protections in the U.S. would harmonize U.S. and E.U. laws and would thus enhance international trade, (...) commerce, and research. The U.S. should therefore follow the European example and develop two tiers of protection for databases: 1) protection for creative databases under copyright law; 2) protection for non-creative databases through a special type of sui generis protection. In order to balance private control of data and public access to data, sui generis protections should define a “fair use” exemption that permits some unauthorized extraction of data for private, educational, and research purposes, provided that such extraction does not adversely impact the economic value of the database. (shrink)

In this article, we consider the possible application of the European General Data Protection Regulation to “citizen scientist”-led health research with mobile devices. We argue that the GDPR likely does cover this activity, depending on the specific context and the territorial scope. Remaining open questions that result from our analysis lead us to call for lex specialis that would provide greater clarity and certainty regarding the processing of health data by for research purposes, including these non-traditional researchers.

This article focuses upon defamation law in Australia and its struggles to adjust to the digital landscape, to illustrate the broader challenges involved in the governance and regulation of data associations. In many instances, online publication will be treated by the courts in a similar fashion to traditional forms of publication. What is more contentious is the question of who, if anyone, should bear the responsibility for digital forms of defamatory publication which result not from an individual author’s activity (...) online but rather from algorithmic associations. This article seeks, in part, to analyse this question, by reference to the Australian case law and associated scholarship regarding search engine liability. Reflecting on the tensions involved here offers us a fresh perspective on defamation law through the conceptual lens of data associations. Here the focus of the article shifts to explore some wider questions posed for defamation law by big data. Defamation law may come to play a significant role in emerging frameworks for algorithmic accountability, but these developments also call into question many of its traditional concepts and assumptions. It may be time to think differently about defamation and to consider its interrelationship with privacy, speech and data protection more fully. As a result, I conclude that the courts and policymakers need to engage more deeply and explicitly with the rationale for the protection of reputation and that more thought needs to be given to changing conceptions of reputation in the context of data associations. (shrink)

In May 2021, the UK National Health Service (NHS) proposed a scheme—called General Practice Data for Planning Research (GPDPR)—for sharing patients’ data. Under that system, a patient who does not wish to participate must actively opt out of their data being shared with third parties for research and other purposes. In this paper, we analyse the lessons that can be learned for the responsible and ethical governance of health data from the NHS’ new scheme. More specifically, (...) we explore the extent to which the opt-out within the planned scheme complies with the requirements stemming from the General Data Protection Regulation (GDPR), particularly in relation to the principles of lawfulness and transparency. We then evaluate, from an ethical perspective, this opt-out ‘nudge’ and whether it is sufficiently resistible, reversible, and has appropriate goals. In light of the above, we then propose improvements for the scheme’s legal and ethical acceptability. (shrink)

The unprecedented public panic caused by COVID-19 will affect the recovery of tourism, especially the theme parks, which are generally crowded due to high visitor volume. The purpose of this study is to discuss the effect of the COVID-19 on the theme park industry. This study aims to predict recommendation intentions of theme park visitors by exploring the complicated mechanism derived from the fear of COVID-19. This study uses a quantitative research method, and SPSS 20.0 and AMOS 22.0 were used (...) for data analysis. An online survey was conducted with 420 Chinese respondents who visited Shanghai Disneyland after its reopening. The study explored the relationship between Fear of COVID-19, perceived risk, participation, service experience, and revisit intention. Results indicated the perceived risk of theme park visitors will not directly ruin their recommendation intention. Visitors’ fear of COVID-19 enhanced their perceived risk, reduced their desire for active participation and impaired their service experience, which consequently affected their recommendation intention. We provide theoretical and managerial implications. (shrink)

Data protection law has a linear logic, in that it purports to trace the lifecycle of personal data from creation to collection, processing, transfer, and ultimately its demise, and to regulate each step so as to promote the data subject’s control thereof. Big data defies this linear logic, in that it decontextualizes data from its original environment and conducts an algorithmic nonlinear mix, match, and mine analysis. Applying data protection law to the (...) processing of big data does not work well, to say the least. This Article examines the case of big medical data. A survey of emerging research practices indicates that studies either ignore data protection law altogether or assume an ex post position, namely that because they are conducted after the data has already been created in the course of providing medical care, and they use de-identified data, they go under the radar of data protection law. These studies focus on the end-point of the lifecycle of big data: if sufficiently anonymous at publication, the previous steps are overlooked, on the claim that they enjoy immunity. I argue that this answer is too crude. To portray data protection law in its best light, we should view it as a process-based attempt to equip data subjects with some power to control personal data about them, in all phases of data processing. Such control reflects the underlying justification of data protection law as an implementation of human dignity. The process-based approach fits current legal practices and is justified by reflecting dignitarian conceptions of informational privacy. (shrink)

This study aims to optimize the enterprise criminal law-based copyright protection. This exploration discusses the role of the entrepreneurial spirit in criminal law-based copyright protection. To study the relationship between ES and criminal law-based copyright protection, the concepts of ES, criminal law-based copyright protection, and enterprise innovation are given. Next, by collecting literature, hypotheses are put forward. They include the relationship between ES and enterprise innovation, ES and the criminal law-based copyright protection, and the intermediary (...) role of ES in the criminal law-based copyright protection and economic growth. Then, relevant models are established. Finally, the hypotheses are tested through experiments and empirical analysis, and the model is regressed to test the experimental data’s robustness and the scale’s reliability and validity. The empirical analysis shows that: the significance of ES under the 1% index is greater than 0. It indicates that the higher the managers’ ES is, the greater the enterprise innovation is. The significance of criminal law-based copyright protection on ES under the 1% index is greater than 0 and the regression coefficient is 0.59. This shows that criminal law-based copyright protection has a significant positive impact on ES. Under the l% index, the significance of ES on economic growth is greater than 0 and the regression coefficient is 0.63. It shows that ES mediates the relationship between criminal law-based copyright protection and economic growth. Therefore, strengthening criminal law-based copyright protection improves the ES and leads to faster enterprise and regional economic development. Therefore, the state should pay attention to criminal law-based copyright protection to encourage innovation to promote enterprise development. This exploration studies the relationship among ES, economic growth, enterprise innovation, and criminal law-based copyright protection. The finding provides a theoretical reference for criminal law-based copyright protection. (shrink)

The paper deals with the governance of Unmanned Aircraft Systems in European law. Three different kinds of balance have been struck between multiple regulatory systems, in accordance with the sector of the governance of UAS which is taken into account. The first model regards the field of civil aviation law and its European Union ’s regulation: the model looks like a traditional mix of top-down regulation and soft law. The second model concerns the EU general data protection law, (...) the GDPR, which has set up a co-regulatory framework summed up with the principle of accountability also, but not only, in the field of drones. The third model of governance has been adopted by the EU through methods of legal experimentation and coordination mechanisms for UAS. The overall aim of the paper is to elucidate the ways in which such three models interact, insisting on differences and similarities with other technologies, and further legal systems. (shrink)

This research focuses on the issue of human rights violations, particularly those affecting Muslim women in Indonesian diaspora marriages in Russia. Despite the regulations set by the Family Code of the Russian Federation, there have been reports of abuse, expulsion, withholding of documents and unilateral divorce. The purpose of this qualitative research using Smith’s phenomenological approach is to analyse the root causes of these violations and provide solutions. Data were collected through in-depth interviews, observation and documentation analysis. The results (...) showed that domestic violence was caused by a lack of self-concern and lack of cultural, legal and legal administration literacy. This lack of literation contributes to the violation of the rights of married diaspora women in Russia. Self-protection can be enhanced by increasing faith-based marriage literacy and cultural and legal literacy. Contribution: This research provides insight into the factors contributing to human rights violations in Indonesian diaspora marriages in Russia and proposes solutions to prevent such violations. The findings of this study can also serve as a basis for future research in the field of human rights and diaspora. (shrink)

Large data-intensive health research programmes benefit from collaboration amongst researchers who may be located in different institutions and international contexts. However, complexities in navigating privacy frameworks and data protection laws across various jurisdictions pose significant challenges to researchers seeking to share or transfer data outside of institutional boundaries. Research on the awareness of data protection and privacy laws amongst stakeholders is limited. Our qualitative study, drawn from a larger project in Singapore, revealed insights into (...) stakeholders’ perceptions of the role of law in cross-national health data research. Stakeholders in our study demonstrated a range of perceptions regarding the role of data protection law in governing the collection and transfer of health data for research. The main criticisms included inadequate legal protection to data and lack of uniformed data protection standards. Despite these criticisms, participants recognised the importance of data protection law in supporting cross-border data transfers and proposed measures to improve perceived limitations of existing laws. These measures include strengthening existing legal framework, establishing contractual agreements and imposing severe punishments for data misuse. (shrink)

Researchers now commonly collect biospecimens for genomic analysis together with information from mobile devices and electronic health records. This rich combination of data creates new opportunities for understanding and addressing important health issues, but also intensifies challenges to privacy and confidentiality. Here, we elucidate the “web” of legal protections for precision medicine research by integrating findings from qualitative interviews with structured legal research and applying them to realistic research scenarios involving various privacy threats.

After examining some of the most fundamental aspects of the general concept of ‘neuroright’ in the current discussion, this paper analyzes the concept of ‘the mental’ contained in the very first law of neurorights in the world currently under discussion in the Senate of the Republic of Chile (Bulletin 13.828-19 of the Chilean Senate). It is claimed that the lack of specificity of the target notion might not only posit difficulties for the creation of specific legal frameworks for the (...) class='Hi'>protection of subjects from potential misuses of neurotechnologies with access to neural data, but it might also make very difficult the process of decision-taking when interpreting the law. (shrink)

This edited collection brings together a series of interdisciplinary contributions in the field of Information Technology Law. The topics addressed in this book cover a wide range of theoretical and practical legal issues that have been created by cutting-edge Internet technologies, primarily Big Data, the Internet of Things, and Cloud computing. Consideration is also given to more recent technological breakthroughs that are now used to assist, and - at times - substitute for, human work, such as automation, robots, sensors, (...) and algorithms. The chapters presented in this edition address these issues from the perspective of different legal backgrounds. The first part of the book discusses some of the shortcomings that have prompted legislators to carry out reforms with regard to privacy, data protection, and data security. Notably, some of the complexities and salient points with regard to the new European General Data Protection Regulation (EU GDPR) and the new amendments to the Japan's Personal Information Protection Act (PIPA) have been scrutinized. The second part looks at the vital role of Internet intermediaries (or brokers) for the proper functioning of the globalized electronic market and innovation technologies in general. The third part examines an electronic approach to evidence with an evaluation of how these technologies affect civil and criminal investigations. The authors also explore issues that have emerged in e-commerce, such as Bitcoin and its blockchain network effects. The book aims to explain, systemize and solve some of the lingering legal questions created by the disruptive technological change that characterizes the early twenty-first century. (shrink)

It has become increasingly difficult for individuals to exercise meaningful control over the personal data they disclose to companies or to understand and track the ways in which that data is exchanged and used. These developments have led to an emerging consensus that existing privacy and data protection laws offer individuals insufficient protections against harms stemming from current data practices. However, an effective and ethically justified way forward remains elusive. To inform policy in this area, (...) we propose the Ethical Data Practices framework. The framework outlines six principles relevant to the collection and use of personal data—minimizing harm, fairly distributing benefits and burdens, respecting autonomy, transparency, accountability, and inclusion—and translates these principles into action-guiding practical imperatives for companies that process personal data. In addition to informing policy, the practical imperatives can be voluntarily adopted by companies to promote ethical data practices. (shrink)

This paper shows that the law, in subtle ways, may set hitherto unrecognized incentives for the adoption of explainable machine learning applications. In doing so, we make two novel contributions. First, on the legal side, we show that to avoid liability, professional actors, such as doctors and managers, may soon be legally compelled to use explainable ML models. We argue that the importance of explainability reaches far beyond data protection law, and crucially influences questions of contractual and tort (...) liability for the use of ML models. To this effect, we conduct two legal case studies, in medical and corporate merger applications of ML. As a second contribution, we discuss the trade-off between accuracy and explainability and demonstrate the effect in a technical case study in the context of spam classification. (shrink)

Explainable AI (XAI) provides methods to understand non-interpretable machine learning models. However, we have little knowledge about what legal experts expect from these explanations, including their legal compliance with, and value against European Union legislation. To close this gap, we present the Explanation Dialogues, an expert focus study to uncover the expectations, reasoning, and understanding of legal experts and practitioners towards XAI, with a specific focus on the European General Data Protection Regulation. The study consists of an online (...) questionnaire and follow-up interviews, and is centered around a use-case in the credit domain. We extract both a set of hierarchical and interconnected codes using grounded theory, and present the standpoints of the participating experts towards XAI. We find that the presented explanations are hard to understand and lack information, and discuss issues that can arise from the different interests of the data controller and subject. Finally, we present a set of recommendations for developers of XAI methods, and indications of legal areas of discussion. Among others, recommendations address the presentation, choice, and content of an explanation, technical risks as well as the end-user, while we provide legal pointers to the contestability of explanations, transparency thresholds, intellectual property rights as well as the relationship between involved parties. (shrink)

This paper addresses the question of delegation of morality to a machine, through a consideration of whether or not non-humans can be considered to be moral. The aspect of morality under consideration here is protection of privacy. The topic is introduced through two cases where there was a failure in sharing and retaining personal data protected by UK data protection law, with tragic consequences. In some sense this can be regarded as a failure in the process (...) of delegating morality to a computer database. In the UK, the issues that these cases raise have resulted in legislation designed to protect children which allows for the creation of a huge database for children. Paradoxically, we have the situation where we failed to use digital data in enforcing the law to protect children, yet we may now rely heavily on digital technologies to care for children. I draw on the work of Floridi, Sanders, Collins, Kusch, Latour and Akrich, a spectrum of work stretching from philosophy to sociology of technology and the “seamless web” or “actor–network” approach to studies of technology. Intentionality is considered, but not deemed necessary for meaningful moral behaviour. Floridi’s and Sanders’ concept of “distributed morality” accords with the network of agency characterized by actor–network approaches. The paper concludes that enfranchizing non-humans, in the shape of computer databases of personal data, as moral agents is not necessarily problematic but a balance of delegation of morality must be made between human and non-human actors. (shrink)

The ‘smart city’ has been driven by advances in information and communication technologies, with the aim of integrating these technologies with urban infrastructures for improved optimisation, automation and control. Smart cities have emerged as a response to the challenges faced by megacities and are likely to manifest the ‘datafying’ society in the public space. However, the pervasive nature of data collection, continuous analysis and inference, and long-term data storage result in a potentially problematic reconfiguration of society that undermines (...) individual and collective autonomy. This article proposes the concept of ‘data autonomy’ as a guiding principle for the development of smart cities, addressing challenges related to the potential misuse of personal data, sphere transgression, and datafied gentrification. Section II. explores concerns related to data protection law, which can be understood as a proxy for the relationship between the individual and society, highlighting power dynamics and the autonomy of individuals and communities. Section III. discusses the concept of sphere transgression, where tech giants expand their influence in society without adequate expertise or accountability. Section IV. examines the potential impact of datafied gentrification on individual and collective autonomy. Building on the challenges identified throughout these sections, this paper proposes ‘data autonomy’ as a guiding principle for smart city development in section V., promoting a value-based approach centred on human dignity. To make it practicable, increased interdisciplinary collaboration in the development of smart cities is needed, with a particular focus on improved design and impact assessment methodologies. (shrink)

Researchers have given some attention to women law enforcement officers' experiences and perceptions of sexual harassment. Yet, few studies have determined how the interaction of gender and race affect African American women's perception of this workplace impediment. This article explores one group of women's experiences in a U.S. sheriff's department. Interview data gathered from 65 African American women who are active and former law enforcement officers provide a comprehensive examination of how African American women in nontraditional criminal justice occupations (...) experience racialized sexual harassment. Differences in degree and frequency of harassment are found among the women in different cohorts based on their job tenure, marital status, and the race of their harassers. (shrink)

Proliferation of data processing and data storage devices in the Internet of Things poses significant privacy risks. At the same time, faster and faster use-cycles and obsolescence of devices with electronic components causes environmental problems. Some of the solutions to the environmental challenges of e-waste include mandatory recycling schemes as well as informal second hand markets. However, the data security and privacy implications of these green policies are as yet badly understood. This paper argues that based on (...) the experience with second hand markets in desktop computers, it is very likely that data that was legitimately collected under the household exception of the Data Protection Directive will “leak” into public spheres. Operators of large recycling schemes may find themselves inadvertently and unknowingly to be data controller for the purpose of Data Protection law, private resale of electronic devices can expose the prior owner to significant privacy risks. (shrink)

In view of the vital role played by the testimony or witness in detecting and combating corruption crimes, the Saudi Arabia issued a new law for the protection of whistleblowers, witnesses, experts and victims, by Royal Decree No. (M/148) dated 8/8/1445 AH, and since there is a potential threat to those who dare to reporting or witnessing the commission of these crimes, the low dealt with the types and forms of protection provided to them, and this research tries (...) to answer a key question, which is: What types of protections does the Saudi low guarantee to witnesses in corruption cases? This is done by using the descriptive, analytical research methodology, by characterizing and extrapolating the types of protection, and analyzing the texts of the low to identify the types and forms of protection contained therein. The study reached several results, the most important of which are: the interest of the Saudi regulator in protecting witnesses in this type of cases to provide the necessary guarantees for the protection of human rights, as it enacted a set of security, judicial, functional and social guarantees to protect the witness, and organized a number of new measures, including concealing the witness's identity and personal data, not attending him during the trial, and sufficiency, for example, with recordings without the possibility of discussing him. (shrink)

Pharmaceutical companies have long relied on direct marketing of their drugs to physicians through one-on-one meetings with sales representatives. This practice of “detailing” is substantial in its costs and its number of participants. Every year, pharmaceutical companies spend billions of dollars on millions of visits to physicians by tens of thousands of sales representatives.Critics have argued that drug detailing results in sub-optimal prescribing decisions by physicians, compromising patient health and driving up spending on medical care. In this view, physicians often (...) are unduly influenced both by marketing presentations that do not accurately reflect evidence from the medical literature and by the gifts that sales representatives deliver in conjunction with their presentations. (shrink)

This paper uses the term “ surveillance ” in its widest sense to include data sharing and the revealing of identity information in the absence of consent of the individual concerned. It argues that the current debate about the nature of a “ surveillance society” needs a new structural framework that allows the benefits of surveillance and the risks to individual privacy to be properly balanced. To this end, the first part of this article sets out the reasons why (...) reliance on the current framework of data protection or human rights legislation, or on the current regulatory regime does not necessarily protect privacy. The second part sets out nine principles that can be used to assess whether individual privacy is comprehensively considered when surveillance policy is developed. These principles are applied to surveillance in the UK to identify the structural improvements that could create an effective balance. These principles are not legislative proposals but provide a means of exploring possible deficiencies in information law governance and, in particular, Parliament’s role in scrutinising the executive and the powers needed by a regulator when engaging with the Parliamentary process. As most European countries adopt a democratic, human rights framework, it is suggested that these principles are not limited in an application in the UK environment. The views expressed in this article are the author’s own. (shrink)