Keyword: Privacy

Personalised pricing: The demise of the fixed price? external link

Poort, J. & Zuiderveen Borgesius, F.
2021

Abstract

An online seller or platform is technically able to offer every consumer a different price for the same product, based on information it has about the customers. Such online price discrimination exacerbates concerns regarding the fairness and morality of price discrimination, and the possible need for regulation. In this chapter, we discuss the underlying basis of price discrimination in economic theory, and its popular perception. Our surveys show that consumers are critical and suspicious of online price discrimination. A majority consider it unacceptable and unfair, and are in favour of a ban. When stores apply online price discrimination, most consumers think they should be informed about it. We argue that the General Data Protection Regulation (GDPR) applies to the most controversial forms of online price discrimination, and not only requires companies to disclose their use of price discrimination, but also requires companies to ask customers for their prior consent. Industry practice, however, does not show any adoption of these two principles.

algorithms, frontpage, GDPR, gegevensbescherming, Personalisation, Price discrimination, Privacy

Bibtex

Article{Poort2021, title = {Personalised pricing: The demise of the fixed price?}, author = {Poort, J. and Zuiderveen Borgesius, F.}, url = {https://www.ivir.nl/publicaties/download/The-Demise-of-the-Fixed-Price.pdf}, year = {0304}, date = {2021-03-04}, abstract = {An online seller or platform is technically able to offer every consumer a different price for the same product, based on information it has about the customers. Such online price discrimination exacerbates concerns regarding the fairness and morality of price discrimination, and the possible need for regulation. In this chapter, we discuss the underlying basis of price discrimination in economic theory, and its popular perception. Our surveys show that consumers are critical and suspicious of online price discrimination. A majority consider it unacceptable and unfair, and are in favour of a ban. When stores apply online price discrimination, most consumers think they should be informed about it. We argue that the General Data Protection Regulation (GDPR) applies to the most controversial forms of online price discrimination, and not only requires companies to disclose their use of price discrimination, but also requires companies to ask customers for their prior consent. Industry practice, however, does not show any adoption of these two principles.}, keywords = {algorithms, frontpage, GDPR, gegevensbescherming, Personalisation, Price discrimination, Privacy}, }

Decentralised Data Processing: Personal Data Stores and the GDPR external link

Janssen, H., Cobbe, J., Norval, C. & Singh, J.
International Data Privacy Law, vol. 10, num: 4, pp: 356-384, 2021

Abstract

When it comes to online services, users have limited control over how their personal data is processed. This is partly due to the nature of the business models of those services, where data is typically stored and aggregated in data centres. This has recently led to the development of technologies aiming at leveraging user control over the processing of their personal data. Personal Data Stores (“PDSs”) represent a class of these technologies; PDSs provide users with a device, enabling them to capture, aggregate and manage their personal data. The device provides tools for users to control and monitor access, sharing and computation over data on their device. The motivation for PDSs are described as (i) to assist users with their confidentiality and privacy concerns, and/or (ii) to provide opportunities for users to transact with or otherwise monetise their data. While PDSs potentially might enable some degree of user empowerment, they raise interesting considerations and uncertainties in relation to the responsibilities under the General Data Protection Regulation (GDPR). More specifically, the designations of responsibilities among key parties involved in PDS ecosystems are unclear. Further, the technical architecture of PDSs appears to restrict certain lawful grounds for processing, while technical means to identify certain category data, as proposed by some, may remain theoretical. We explore the considerations, uncertainties, and limitations of PDSs with respect to some key obligations under the GDPR. As PDS technologies continue to develop and proliferate, potentially providing an alternative to centralised approaches to data processing, we identify issues which require consideration by regulators, PDS platform providers and technologists.

GDPR, Privacy

Bibtex

Article{Janssen2021, title = {Decentralised Data Processing: Personal Data Stores and the GDPR}, author = {Janssen, H. and Cobbe, J. and Norval, C. and Singh, J.}, url = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3570895 https://www.ivir.nl/publicaties/download/IDPL-2021-4.pdf}, doi = {https://doi.org/https://doi.org/10.1093/idpl/ipaa016}, year = {0104}, date = {2021-01-04}, journal = {International Data Privacy Law}, volume = {10}, number = {4}, pages = {356-384}, abstract = {When it comes to online services, users have limited control over how their personal data is processed. This is partly due to the nature of the business models of those services, where data is typically stored and aggregated in data centres. This has recently led to the development of technologies aiming at leveraging user control over the processing of their personal data. Personal Data Stores (“PDSs”) represent a class of these technologies; PDSs provide users with a device, enabling them to capture, aggregate and manage their personal data. The device provides tools for users to control and monitor access, sharing and computation over data on their device. The motivation for PDSs are described as (i) to assist users with their confidentiality and privacy concerns, and/or (ii) to provide opportunities for users to transact with or otherwise monetise their data. While PDSs potentially might enable some degree of user empowerment, they raise interesting considerations and uncertainties in relation to the responsibilities under the General Data Protection Regulation (GDPR). More specifically, the designations of responsibilities among key parties involved in PDS ecosystems are unclear. Further, the technical architecture of PDSs appears to restrict certain lawful grounds for processing, while technical means to identify certain category data, as proposed by some, may remain theoretical. We explore the considerations, uncertainties, and limitations of PDSs with respect to some key obligations under the GDPR. As PDS technologies continue to develop and proliferate, potentially providing an alternative to centralised approaches to data processing, we identify issues which require consideration by regulators, PDS platform providers and technologists.}, keywords = {GDPR, Privacy}, }

Constitutionele Interpretatie. Een rechtsvergelijkend onderzoek naar de vaststelling van de reikwijdte van het recht op persoonlijkheid external link

Janssen, H.
pp: 495, 2003

Persoonlijkheidsrechten, Privacy, rechtsvergelijking

Bibtex

PhD Thesis{Janssen2003, title = {Constitutionele Interpretatie. Een rechtsvergelijkend onderzoek naar de vaststelling van de reikwijdte van het recht op persoonlijkheid}, author = {Janssen, H.}, url = {https://cris.maastrichtuniversity.nl/ws/portalfiles/portal/38414297/1637229.pdf}, year = {0207}, date = {2003-02-07}, keywords = {Persoonlijkheidsrechten, Privacy, rechtsvergelijking}, }

WODC-onderzoek: Voorziening voor verzoeken tot snelle verwijdering van onrechtmatige online content external link

van Hoboken, J., Appelman, N., van Duin, A., Blom, T., Zarouali, B., Fahy, R., Steel, M., Stringhi, E. & Helberger, N.
2020

Abstract

Dit onderzoek is uitgegeven als onderdeel van het speerpunt van de Minister voor Rechtsbescherming om de positie van slachtoffers van onrechtmatige uitingen op het internet te verbeteren. Aanleiding is dat het voor mensen als te moeilijk ervaren wordt om onrechtmatige online content snel verwijderd te krijgen. Dit rapport biedt inzicht in de juridische en praktische haalbaarheid van een voorziening voor de verwijdering van onrechtmatige online content die mensen persoonlijk raakt. Onrechtmatige content is informatie, door mensen op het internet geplaatst, die in strijd is met het recht, vanwege de schadelijke gevolgen ervan en/of omdat de belangen van anderen daardoor op ernstige wijze worden aangetast. Hierbij moet, bijvoorbeeld, gedacht worden aan bedreigingen, privacy-inbreuken of wraakporno. Het doel van de onderzochte voorziening is om mensen in staat te stellen deze onrechtmatige online content zo snel mogelijk te verwijderen. Het onderzoek focust op onrechtmatige online content die mensen in hun persoon raakt en daarmee onder het recht op privéleven uit artikel 8 Europees Verdrag voor de Rechten van de Mens (“EVRM”) valt.

Art. 8 EVRM, frontpage, Informatierecht, onrechtmatige online content, Privacy

Bibtex

Report{vanHoboken2020d, title = {WODC-onderzoek: Voorziening voor verzoeken tot snelle verwijdering van onrechtmatige online content}, author = {van Hoboken, J. and Appelman, N. and van Duin, A. and Blom, T. and Zarouali, B. and Fahy, R. and Steel, M. and Stringhi, E. and Helberger, N.}, url = {https://www.ivir.nl/publicaties/download/WODC_voorziening_onrechtmatige_content.pdf}, year = {1112}, date = {2020-11-12}, abstract = {Dit onderzoek is uitgegeven als onderdeel van het speerpunt van de Minister voor Rechtsbescherming om de positie van slachtoffers van onrechtmatige uitingen op het internet te verbeteren. Aanleiding is dat het voor mensen als te moeilijk ervaren wordt om onrechtmatige online content snel verwijderd te krijgen. Dit rapport biedt inzicht in de juridische en praktische haalbaarheid van een voorziening voor de verwijdering van onrechtmatige online content die mensen persoonlijk raakt. Onrechtmatige content is informatie, door mensen op het internet geplaatst, die in strijd is met het recht, vanwege de schadelijke gevolgen ervan en/of omdat de belangen van anderen daardoor op ernstige wijze worden aangetast. Hierbij moet, bijvoorbeeld, gedacht worden aan bedreigingen, privacy-inbreuken of wraakporno. Het doel van de onderzochte voorziening is om mensen in staat te stellen deze onrechtmatige online content zo snel mogelijk te verwijderen. Het onderzoek focust op onrechtmatige online content die mensen in hun persoon raakt en daarmee onder het recht op privéleven uit artikel 8 Europees Verdrag voor de Rechten van de Mens (“EVRM”) valt.}, keywords = {Art. 8 EVRM, frontpage, Informatierecht, onrechtmatige online content, Privacy}, }

Annotatie bij Rb. Den Haag 5 februari 2020 (NJCM c.s. / Staat der Nederlanden – SyRI-wetgeving) external link

Dommering, E.
Nederlandse Jurisprudentie, num: 45, pp: 6792-6795, 2020

Abstract

De SyRI-wetgeving voldoet niet aan de in art. 8 lid 2 EVRM gestelde eis dat de inmenging in de uitoefening van het recht op respect voor het privéleven noodzakelijk is in een democratische samenleving, dat wil zeggen noodzakelijk, evenredig (proportioneel) en subsidiair in relatie tot het beoogde doel.

Annotaties, frontpage, Privacy, SyRI-wetgeving

Bibtex

Article{Dommering2020i, title = {Annotatie bij Rb. Den Haag 5 februari 2020 (NJCM c.s. / Staat der Nederlanden – SyRI-wetgeving)}, author = {Dommering, E.}, url = {https://www.ivir.nl/publicaties/download/Annotatie_NJ_2020_386.pdf}, year = {1110}, date = {2020-11-10}, journal = {Nederlandse Jurisprudentie}, number = {45}, abstract = {De SyRI-wetgeving voldoet niet aan de in art. 8 lid 2 EVRM gestelde eis dat de inmenging in de uitoefening van het recht op respect voor het privéleven noodzakelijk is in een democratische samenleving, dat wil zeggen noodzakelijk, evenredig (proportioneel) en subsidiair in relatie tot het beoogde doel.}, keywords = {Annotaties, frontpage, Privacy, SyRI-wetgeving}, }

Data Protection or Data Frustration? Individual perceptions and attitudes towards the GDPR external link

Strycharz, J., Ausloos, J. & Helberger, N.
European Data Protection Law Review, vol. 6, num: 3, pp: 407-421, 2020

Abstract

Strengthening individual rights, enhancing control over one’s data and raising awareness were among the main aims the European Commission set for the General Data Protection Regulation (GDPR). In order to assess whether these aims have been met, research into individual perceptions, awareness, and understanding of the Regulation is necessary. This study thus examines individual reactions to the GDPR in order to provide insights into user agency in relation to the Regulation. More specifically, it discusses empirical data (survey with N = 1288) on individual knowledge of, reactions to, and rights exercised under the GDPR in the Netherlands. The results show high awareness of the GDPR and knowledge of individual rights. At the same time, the Dutch show substantial reactance to the Regulation and doubt the effectiveness of their individual rights. These findings point to several issues obstructing the GDPR’s effectiveness, and constitute useful signposts for policy-makers and enforcement agencies to prioritise their strategies in achieving the original aims of the Regulation.

frontpage, GDPR, gegevensbescherming, Privacy

Bibtex

Article{Strycharz2020, title = {Data Protection or Data Frustration? Individual perceptions and attitudes towards the GDPR}, author = {Strycharz, J. and Ausloos, J. and Helberger, N.}, url = {https://www.ivir.nl/publicaties/download/EDPLR_2020_3.pdf}, doi = {https://doi.org/https://doi.org/10.21552/edpl/2020/3/10}, year = {1013}, date = {2020-10-13}, journal = {European Data Protection Law Review}, volume = {6}, number = {3}, pages = {407-421}, abstract = {Strengthening individual rights, enhancing control over one’s data and raising awareness were among the main aims the European Commission set for the General Data Protection Regulation (GDPR). In order to assess whether these aims have been met, research into individual perceptions, awareness, and understanding of the Regulation is necessary. This study thus examines individual reactions to the GDPR in order to provide insights into user agency in relation to the Regulation. More specifically, it discusses empirical data (survey with N = 1288) on individual knowledge of, reactions to, and rights exercised under the GDPR in the Netherlands. The results show high awareness of the GDPR and knowledge of individual rights. At the same time, the Dutch show substantial reactance to the Regulation and doubt the effectiveness of their individual rights. These findings point to several issues obstructing the GDPR’s effectiveness, and constitute useful signposts for policy-makers and enforcement agencies to prioritise their strategies in achieving the original aims of the Regulation.}, keywords = {frontpage, GDPR, gegevensbescherming, Privacy}, }

Privacy and Data Protection in the EU- and US-led Post- WTO Free Trade Agreements external link

Yakovleva, S.
1008, Series: European Yearbook of International Economic Law, pp: 95-115

Abstract

The chapter addresses privacy and data protection in FTAs. It takes stock of the evolution of provisions on privacy and data protection in the post-WTO FTAs and FTAs currently under negotiation relying on EU- and US-led FTAs as an empirical basis. The chapter evaluates the trends and patterns of the development of these provisions and provides an outlook for the upcoming negotiations on electronic commerce at the WTO. It highlights the evolution of provisions on privacy and personal data protection in general exceptions, financial and telecommunications chapters, chapters on electronic commerce and digital trade. After identifying trends in the design and wording of these provisions in the EU- and US-led FTAs the chapter concludes that both trading partners tend to prefer their own template for regional FTAs.

EU, frontpage, gegevensbescherming, Privacy, usa, WTO

Bibtex

Chapter{Yakovleva2020e, title = {Privacy and Data Protection in the EU- and US-led Post- WTO Free Trade Agreements}, author = {Yakovleva, S.}, url = {https://www.ivir.nl/publicaties/download/Yearbook_International_Economic_Law.pdf}, doi = {https://doi.org/https://doi.org/10.1007/978-3-030-46955-9_5}, year = {1008}, date = {2020-10-08}, abstract = {The chapter addresses privacy and data protection in FTAs. It takes stock of the evolution of provisions on privacy and data protection in the post-WTO FTAs and FTAs currently under negotiation relying on EU- and US-led FTAs as an empirical basis. The chapter evaluates the trends and patterns of the development of these provisions and provides an outlook for the upcoming negotiations on electronic commerce at the WTO. It highlights the evolution of provisions on privacy and personal data protection in general exceptions, financial and telecommunications chapters, chapters on electronic commerce and digital trade. After identifying trends in the design and wording of these provisions in the EU- and US-led FTAs the chapter concludes that both trading partners tend to prefer their own template for regional FTAs.}, keywords = {EU, frontpage, gegevensbescherming, Privacy, usa, WTO}, }

Personal Data Transfers in International Trade and EU Law: A Tale of Two ‘Necessities’ external link

Yakovleva, S.
The Journal of World Investment & Trade, pp: 1-39, 2020

Abstract

Cross-border flows of personal data have become essential for international trade. EU law restricts transfers of personal data to a degree that is arguably beyond what is permitted under the EU’s WTO commitments. These restrictions may be justified under trade law’s ‘necessity test.’ The article suggests that they may not pass this test. Yet, from an EU law perspective, the right to the protection of personal data is a fundamental right. An international transfer of personal data constitutes a derogation from this right and, therefore, must be consistent with another necessity test, the ‘strict necessity’ test of the derogation clause of the EU Charter of Fundamental Rights. This article shows how a simultaneous application of the trade law and EU Charter ‘necessities’ to EU restrictions on transfers of personal data creates a Catch-22 situation and sketches the ways out of this compliance deadlock.

EU, frontpage, handel, Persoonsgegevens, Privacy

Bibtex

Article{Yakovleva2020d, title = {Personal Data Transfers in International Trade and EU Law: A Tale of Two ‘Necessities’}, author = {Yakovleva, S.}, url = {https://www.ivir.nl/publicaties/download/JWIT_2020.pdf}, year = {1002}, date = {2020-10-02}, journal = {The Journal of World Investment & Trade}, abstract = {Cross-border flows of personal data have become essential for international trade. EU law restricts transfers of personal data to a degree that is arguably beyond what is permitted under the EU’s WTO commitments. These restrictions may be justified under trade law’s ‘necessity test.’ The article suggests that they may not pass this test. Yet, from an EU law perspective, the right to the protection of personal data is a fundamental right. An international transfer of personal data constitutes a derogation from this right and, therefore, must be consistent with another necessity test, the ‘strict necessity’ test of the derogation clause of the EU Charter of Fundamental Rights. This article shows how a simultaneous application of the trade law and EU Charter ‘necessities’ to EU restrictions on transfers of personal data creates a Catch-22 situation and sketches the ways out of this compliance deadlock.}, keywords = {EU, frontpage, handel, Persoonsgegevens, Privacy}, }

Kaleidoscopic data-related enforcement in the digital age external link

Yakovleva, S., Geursen, W. & Arnbak, A.
Common Market Law Review, vol. 57, num: 5, pp: 1461-1494, 2020

Abstract

The interplay between competition, consumer and data protection law, when applied to data collection and processing practices, may lead to situations where several competent authorities can, independently, carry out enforcement actions against the same practice, or where an authority competent to carry out enforcement in one area of law can borrow the concepts of another area to advance its own goals. The authors call this “kaleidoscopic enforcement”. Kaleidoscopic enforcement may undermine existing coordination mechanisms within specif ic areas, and may lead to both the incoherent enforcement of EU rules applicable to data, and to sub-optimal enforcement. An EU level binding inter-disciplinary coordination mechanism between competition, consumer and data protection authorities is needed. Now the Commission has announced ambitious plans to enhance the coherent application of EU law in several areas, it is the perfect time to work towards creating such an enforcement mechanism.

Competition law, Consumer law, Data protection law, enforcement, frontpage, Privacy

Bibtex

Article{Yakovleva2020c, title = {Kaleidoscopic data-related enforcement in the digital age}, author = {Yakovleva, S. and Geursen, W. and Arnbak, A.}, url = {https://www.ivir.nl/publicaties/download/CMLR_2020.pdf}, year = {1001}, date = {2020-10-01}, journal = {Common Market Law Review}, volume = {57}, number = {5}, pages = {1461-1494}, abstract = {The interplay between competition, consumer and data protection law, when applied to data collection and processing practices, may lead to situations where several competent authorities can, independently, carry out enforcement actions against the same practice, or where an authority competent to carry out enforcement in one area of law can borrow the concepts of another area to advance its own goals. The authors call this “kaleidoscopic enforcement”. Kaleidoscopic enforcement may undermine existing coordination mechanisms within specif ic areas, and may lead to both the incoherent enforcement of EU rules applicable to data, and to sub-optimal enforcement. An EU level binding inter-disciplinary coordination mechanism between competition, consumer and data protection authorities is needed. Now the Commission has announced ambitious plans to enhance the coherent application of EU law in several areas, it is the perfect time to work towards creating such an enforcement mechanism.}, keywords = {Competition law, Consumer law, Data protection law, enforcement, frontpage, Privacy}, }