The rapid development of information technology has exacerbated the need for robust personal data protection, the right to which is safeguarded by both European Union (EU) and Council of Europe (CoE) instruments. Safeguarding this important right entails new and significant challenges as technological advances expand the frontiers of areas such as surveillance, communication interception and data storage. This handbook is designed to familiarise legal practitioners not specialised in data protection with this emerging area of the law. It provides an overview of the EU’s and the CoE’s applicable legal frameworks. It also explains key case law, summarising major rulings of both the Court of Justice of the European Union and the European Court of Human Rights. In addition, it presents hypothetical scenarios that serve as practical illustrations of the diverse issues encountered in this ever-evolving field.

GDPR: Personal Data Protection in the European Union Mariusz Krzysztofek Personal data protection has become one of the central issues in any understanding of the current world system. In this connection, the European Union (EU) has created the most sophisticated regime currently in force with the General Data Protection Regulation (GDPR) (EU) 2016/679. Following the GDPR’s recent reform – the most extensive since the first EU laws in this area were adopted and implemented into the legal orders of the Member States – this book offers a comprehensive discussion of all principles of personal data processing, obligations of data controllers, and rights of data subjects, providing a thorough, up-to-date account of the legal and practical aspects of personal data protection in the EU. Coverage includes the recent Court of Justice of the European Union (CJEU) judgment on data transfers and new or updated data protection authorities’ guidelines in the EU Member States. Among the broad spectrum of aspects of the subject covered are the following: – right to privacy judgments of the CJEU and the European Court of Human Rights; – scope of the GDPR and its key definitions, key principles of personal data processing; – legal bases for the processing of personal data; – direct and digital marketing, cookies, and online behavioural advertising; – processing of personal data of employees; – sensitive data and criminal records; – information obligation & privacy notices; – data subjects rights; – data controller, joint controllers, and processors; – data protection by design and by default, data security measures, risk-based approach, records of personal data processing activities, notification of a personal data breach to the supervisory authority and communication to the data subject, data protection impact assessment, codes of conduct and certification; – Data Protection Officer; – transfers of personal data to non-EU/EEA countries; and – privacy in the Internet and surveillance age. Because the global scale and evolution of information technologies have changed the data processing environment and brought new challenges, and because many non-EU jurisdictions have adopted equivalent regimes or largely analogous regulations, the book will be of great usefulness worldwide. Multinational corporations and their customers and contractors will benefit enormously from consulting and using this book, especially in conducting case law, guidelines and best practices formulated by European data protection authorities. For lawyers and academics researching or advising clients on this area, this book provides an indispensable source of practical guidance and information for many years to come.

Practically every organisation in the world processes personal data. European data protection law imposes a series of requirements designed to protect individuals against the risks that result from the processing of their data. It also distinguishes among different types of actors involved in the processing and sets out different obligations for each type of actor. The most important distinction in this regard is the distinction between 'controllers' and 'processors'. This book seeks to determine whether EU data protection law should continue to maintain its current distinction.

Nearly two decades after the EU first enacted data protection rules, key questions about the nature and scope of this EU policy, and the harms it seeks to prevent, remain unanswered. The inclusion of a Right to Data Protection in the EU Charter has increased the salience of these questions, which must be addressed in order to ensure the legitimacy, effectiveness and development of this Charter right and the EU data protection regime more generally. The Foundations of EU Data Protection Law is a timely and important work which sheds new light on this neglected area of law, challenging the widespread assumption that data protection is merely a subset of the right to privacy. By positioning EU data protection law within a comprehensive conceptual framework, it argues that data protection has evolved from a regulatory instrument into a fundamental right in the EU legal order and that this right grants individuals more control over more forms of data than the right to privacy. It suggests that this dimension of the right to data protection should be explicitly recognised, while identifying the practical and conceptual limits of individual control over personal data. At a time when EU data protection law is sitting firmly in the international spotlight, this book offers academics, policy-makers, and practitioners a coherent vision for the future of this key policy and fundamental right in the EU legal order, and how best to realise it.

This book contains the General Data Protection Regulation 2016 with official justifications. Legal provisions are accompanied by their recitals. Ideal for any practitioner and anyone interested in European data privacy. "The General Data Protection Regulation is the first directly applicable legal basis valid in all EU member states for processing personal data. It was concluded in April 2016 following a three-year coordination procedure, and replaces the data protection directive from 1995. The updates in the regulation include rights related to data portability and the right to be forgotten. There are changes with regard to data transmission to third-party countries, national supervisory agencies ("one-stop-shops") and their collaboration. But above all, the drastically harsher sanctions in response to violations should be an impetus for all affected companies to review their compliance measures. The European Parliament and the Council have granted a transitional deadline of two years for this purpose."

All are agreed that the digital economy contributes to a dynamic evolution of markets and competition. Nonetheless, concerns are increasingly raised about the market dominance of a few key players. Because these companies hold the power to drive rivals out of business, regulators have begun to seek scope for competition enforcement in cases where companies claim that withholding data is needed to satisfy customers and cut costs. This book is the first focus on how competition law enforcement tools can be applied to refusals of dominant firms to give access data on online platforms such as search engines, social networks, and e-commerce platforms – commonly referred to as the ‘gatekeepers’ of the Internet. The question arises whether the denial of a dominant firm to grant competitors access to its data could constitute a ‘refusal to deal’ and lead to competition law liability under the so-called ‘essential facilities doctrine', according to which firms need access to shared knowledge in order to be able to compete. A possible duty to share data with rivals also brings to the forefront the interaction of competition law with data protection legislation considering that the required information may include personal data of individuals. Building on the refusal to deal concept, and using a multidisciplinary approach, the analysis covers such issues and topics as the following: – data portability; – interoperability; – data as a competitive advantage or entry barrier in digital markets; – market definition and dominance with respect to data; – disruptive versus sustaining innovation; – role of intellectual property regimes; – economic trade-off in essential facilities cases; – relationship of competition enforcement with data protection law and – data-related competition concerns in merger cases. The author draws on a wealth of relevant material, including EU and US decision-making practice, case law, and policy documents, as well as economic and empirical literature on the link between competition and innovation. The book concludes with a proposed framework for the application of the essential facilities doctrine to potential forms of abuse of dominance relating to data. In addition, it makes suggestions as to how data protection interests can be integrated into competition policy. An invaluable contribution to ongoing academic and policy discussions about how data-related competition concerns should be addressed under competition law, the analysis clearly demonstrates how existing competition tools for market definition and assessment of dominance can be applied to online platforms. It will be of immeasurable value to the many jurists, business persons, and academics concerned with this very timely subject.

Data Protection has become one of the most important news topics of recent years, playing a role in elections and referendums, and posing a whole host of new legal questions. At its core, data protection is the statutory protection provided to protect the privacy of individuals with regard to personal data. It's places various obligations on persons who keep personal data, eg that the data must be accurate and kept for lawful purposes. EU Data Protection Law provides an analysis of the EU's proposed General Data Protection Regulation. The book analyses the rights of the data subject including rights to information, access, rectification, erasure (right to be forgotten), restriction, portability and objection. It examines in detail the role and responsibilities of controllers and processors together with governance (including the Data Protection Officer) and risk (data protection by design and default, the Data Protection Impact Assessment, data security and the notification of subjects). The role of data protection authorities, the European Data Protection Board and enforcement mechanisms such as fines and other liabilities and penalties are also explored. Other relevant Directives are discussed together with appropriate case law. This comprehensive treatment is the only one of its kind. It will also be of international appeal, as Ireland's perspective in this area carries great weight in light of Ireland's position as the European headquarters for many digital technology companies such as Facebook and Google.

This book provides expert advice on the practical implementation of the European Union’s General Data Protection Regulation (GDPR) and systematically analyses its various provisions. Examples, tables, a checklist etc. showcase the practical consequences of the new legislation. The handbook examines the GDPR’s scope of application, the organizational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and national particularities. In addition, it supplies a brief outlook on the legal consequences for seminal data processing areas, such as Cloud Computing, Big Data and the Internet of Things.Adopted in 2016, the General Data Protection Regulation will come into force in May 2018. It provides for numerous new and intensified data protection obligations, as well as a significant increase in fines (up to 20 million euros). As a result, not only companies located within the European Union will have to change their approach to data security; due to the GDPR’s broad, transnational scope of application, it will affect numerous companies worldwide.

This open access book comprehensively covers the fundamentals of clinical data science, focusing on data collection, modelling and clinical applications. Topics covered in the first section on data collection include: data sources, data at scale (big data), data stewardship (FAIR data) and related privacy concerns. Aspects of predictive modelling using techniques such as classification, regression or clustering, and prediction model validation will be covered in the second section. The third section covers aspects of (mobile) clinical decision support systems, operational excellence and value-based healthcare. Fundamentals of Clinical Data Science is an essential resource for healthcare professionals and IT consultants intending to develop and refine their skills in personalized medicine, using solutions based on large datasets from electronic health records or telemonitoring programmes. The book’s promise is “no math, no code”and will explain the topics in a style that is optimized for a healthcare audience.

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. The book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, the EU institutions, data protection authorities, and the private sector), thus providing a pan-European analysis of the GDPR. It examines each article of the GDPR in sequential order and explains how its provisions work, thus allowing the reader to easily and quickly elucidate the meaning of individual articles. An introductory chapter provides an overview of the background to the GDPR and its place in the greater structure of EU law and human rights law. Account is also taken of closely linked legal instruments, such as the Directive on Data Protection and Law Enforcement that was adopted concurrently with the GDPR, and of the ongoing work on the proposed new E-Privacy Regulation.