The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right? external link

Oostveen, M. & Irion, K.
2016

Abstract

New technologies, purposes and applications to process individual’s personal data are developed on a massive scale. But we have not only entered the ‘golden age of personal data’ in terms of its exploitation: ours is also the ‘golden age of personal data’ in terms of regulation of its use. In this contribution, we explain how regulating the processing of an individual’s personal data can be a proxy of intervention, which directly or indirectly could benefit other individual rights and freedoms. Understood as an enabling right, the architecture of EU data protection law is capable of protecting against many of the negative short- and long-term effects of contemporary data processing. The new General Data Protection Regulation certainly strengthens aspects of this core architecture but certain regulatory innovations to cope with technological advancements and the data-driven economy appear less capably of yielding broad protection for individuals fundamental rights and freedoms. We conclude that from the perspective of protecting individual fundamental rights and freedoms, it would be worthwhile to explore alternative (legal) approaches of individual protection in contemporary data processing.

Big data, Data protection, enabling fundamental rights, EU law, General Data Protection Regulation, Privacy

Bibtex

Article{Oostveen2016b, title = {The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right?}, author = {Oostveen, M. and Irion, K.}, year = {1215}, date = {2016-12-15}, abstract = {New technologies, purposes and applications to process individual’s personal data are developed on a massive scale. But we have not only entered the ‘golden age of personal data’ in terms of its exploitation: ours is also the ‘golden age of personal data’ in terms of regulation of its use. In this contribution, we explain how regulating the processing of an individual’s personal data can be a proxy of intervention, which directly or indirectly could benefit other individual rights and freedoms. Understood as an enabling right, the architecture of EU data protection law is capable of protecting against many of the negative short- and long-term effects of contemporary data processing. The new General Data Protection Regulation certainly strengthens aspects of this core architecture but certain regulatory innovations to cope with technological advancements and the data-driven economy appear less capably of yielding broad protection for individuals fundamental rights and freedoms. We conclude that from the perspective of protecting individual fundamental rights and freedoms, it would be worthwhile to explore alternative (legal) approaches of individual protection in contemporary data processing.}, keywords = {Big data, Data protection, enabling fundamental rights, EU law, General Data Protection Regulation, Privacy}, }

CJEU: external link

S.D. van Leeuwen
European Intellectual Property Review, num: 7, pp: 458-461., 2016

Broadcasting law, collecting societies, communication to the public right, EU law, fees, frontpage, Media law, Mediarecht, retransmission

Bibtex

Article{nokey, title = {CJEU:}, author = {S.D. van Leeuwen}, url = {http://www.ivir.nl/publicaties/download/1818}, year = {0715}, date = {2016-07-15}, journal = {European Intellectual Property Review}, number = {7}, keywords = {Broadcasting law, collecting societies, communication to the public right, EU law, fees, frontpage, Media law, Mediarecht, retransmission}, }

Your Digital Home is No Longer Your Castle: How Cloud Computing Transforms the (Legal) Relationship between Individuals and Their Personal Records external link

International Journal of Law and Information Technology, vol. 23, num: 4, pp: 348-371., 2015

Abstract

In line with the overall trend individuals’ personal affairs, too, are composed of digital records to an increasing amount. At about the same time, the era of local storage in end user equipment is about to give way to remote computing where data resides on third party equipment (cloud computing). Once information, and even the most personal one, is no longer stored on personal equipment the relationship between individual users and their digital assets belonging to them is becoming increasingly abstract. This contribution focuses on the implications of cloud computing for individuals’ unpublicized digital records. The question to be answered is whether - taken together - the progressing virtualization and the disruption of physical control produce a backslide for individual positions of rights. The paper introduces the legal treatment of users’ digital personal records and how a technical transformation in combination with disparate legal protection and prevailing commercial practices are bound to impact the distribution of rights and obligations.

cloud computing, Consumer law, control, EU law, Grondrechten, Privacy, security

Bibtex

Article{nokey, title = {Your Digital Home is No Longer Your Castle: How Cloud Computing Transforms the (Legal) Relationship between Individuals and Their Personal Records}, author = {Irion, K.}, url = {http://www.ivir.nl/publicaties/download/1584.pdf}, doi = {https://doi.org/10.1093/ijlit/eav015}, year = {0929}, date = {2015-09-29}, journal = {International Journal of Law and Information Technology}, volume = {23}, number = {4}, pages = {348-371.}, abstract = {In line with the overall trend individuals’ personal affairs, too, are composed of digital records to an increasing amount. At about the same time, the era of local storage in end user equipment is about to give way to remote computing where data resides on third party equipment (cloud computing). Once information, and even the most personal one, is no longer stored on personal equipment the relationship between individual users and their digital assets belonging to them is becoming increasingly abstract. This contribution focuses on the implications of cloud computing for individuals’ unpublicized digital records. The question to be answered is whether - taken together - the progressing virtualization and the disruption of physical control produce a backslide for individual positions of rights. The paper introduces the legal treatment of users’ digital personal records and how a technical transformation in combination with disparate legal protection and prevailing commercial practices are bound to impact the distribution of rights and obligations.}, keywords = {cloud computing, Consumer law, control, EU law, Grondrechten, Privacy, security}, }

The Court of Justice and the Data Retention Directive in Digital Rights Ireland external link

European Law Review, num: 6, pp: 835-850., 2015

Abstract

In Digital Rights Ireland, the Court of Justice invalidated the 2006 Data Retention Directive, which required private providers to retain for a considerable period electronic communication metadata for law enforcement purposes. In this landmark ruling, the EU judiciary introduced a strict scrutiny test for EU legislative acts that interfere seriously with important rights protected by the Charter of Fundamental Rights and the European Convention on Human Rights—in this case, the rights to privacy and data protection—and applied a rigorous assessment of the proportionality of the measure under the Charter, criticising numerous aspects of the Directive. This article presents and analyses the judgment, discussing its implications for constitutional review and constitutionalism in the European Union, and the substantive and procedural constraints that it imposes on EU and national data retention schemes. It concludes by reflecting on the ruling’s impact on European integration and data related policies.

Data protection, data retention, electronic communications, EU law, Fundamental rights, Grondrechten, Ireland, Personal data, Privacy, proportionality

Bibtex

Article{nokey, title = {The Court of Justice and the Data Retention Directive in Digital Rights Ireland}, author = {Irion, K.}, url = {http://www.ivir.nl/publicaties/download/1456.pdf}, year = {0115}, date = {2015-01-15}, journal = {European Law Review}, number = {6}, abstract = {In Digital Rights Ireland, the Court of Justice invalidated the 2006 Data Retention Directive, which required private providers to retain for a considerable period electronic communication metadata for law enforcement purposes. In this landmark ruling, the EU judiciary introduced a strict scrutiny test for EU legislative acts that interfere seriously with important rights protected by the Charter of Fundamental Rights and the European Convention on Human Rights—in this case, the rights to privacy and data protection—and applied a rigorous assessment of the proportionality of the measure under the Charter, criticising numerous aspects of the Directive. This article presents and analyses the judgment, discussing its implications for constitutional review and constitutionalism in the European Union, and the substantive and procedural constraints that it imposes on EU and national data retention schemes. It concludes by reflecting on the ruling’s impact on European integration and data related policies.}, keywords = {Data protection, data retention, electronic communications, EU law, Fundamental rights, Grondrechten, Ireland, Personal data, Privacy, proportionality}, }

Any Colour You Like: the History (and Future?) of E.U. Communications Security Policy external link

2014

Abstract

This descriptive legal analysis maps and evaluates a four decade legacy of communications security conceptualizations in E.U. law and policy, including four legislative proposals launched in 2013. As the first comprehensive historical analysis of its kind, the paper forwards a range of new scientific contributions in a time secure electronic communications are of historically unparalleled societal, economic and political relevance. Five communications security policy cycles are identified, and their ‘security’ definitions and scope are described. These cycles are: network and information security, data protection, telecommunications, encryption and cybercrime. An evaluation of the current E.U. ‘security’ conceptualizations illuminates the underlying values at stake, the protection offered in current regulations, the formulation of six research themes and an agenda for computer science, political theory and legal research. Despite constitutional values at stake such as privacy and communications freedom and a robust computer science literature, the paper observes a deep lack of conceptual clarity and coherence in E.U. security policymaking. It then concludes that the observed conceptual ambiguity has allowed powerful stakeholders to capture, or paint E.U. network and information security policies in any colour they like.

Constitutional and administrative law, cybersecurity, Data protection, encryption, EU law, network and information security, securitization, Technologie en recht, the c.i.a.-triad

Bibtex

Presentation{nokey, title = {Any Colour You Like: the History (and Future?) of E.U. Communications Security Policy}, author = {Arnbak, A.}, url = {http://www.ivir.nl/publicaties/download/1421.pdf}, year = {1014}, date = {2014-10-14}, abstract = {This descriptive legal analysis maps and evaluates a four decade legacy of communications security conceptualizations in E.U. law and policy, including four legislative proposals launched in 2013. As the first comprehensive historical analysis of its kind, the paper forwards a range of new scientific contributions in a time secure electronic communications are of historically unparalleled societal, economic and political relevance. Five communications security policy cycles are identified, and their ‘security’ definitions and scope are described. These cycles are: network and information security, data protection, telecommunications, encryption and cybercrime. An evaluation of the current E.U. ‘security’ conceptualizations illuminates the underlying values at stake, the protection offered in current regulations, the formulation of six research themes and an agenda for computer science, political theory and legal research. Despite constitutional values at stake such as privacy and communications freedom and a robust computer science literature, the paper observes a deep lack of conceptual clarity and coherence in E.U. security policymaking. It then concludes that the observed conceptual ambiguity has allowed powerful stakeholders to capture, or paint E.U. network and information security policies in any colour they like.}, keywords = {Constitutional and administrative law, cybersecurity, Data protection, encryption, EU law, network and information security, securitization, Technologie en recht, the c.i.a.-triad}, }