Skip to main content
main-content

Über dieses Buch

This book provides a snapshot of privacy laws and practices from a varied set of jurisdictions in order to offer guidance on national and international contemporary issues regarding the processing of personal data and serves as an up-to-date resource on the applications and practice-relevant examples of data protection laws in different countries.
Privacy violations emerging at an ever-increasing rate, due to evolving technology and new lifestyles linked to an intensified online presence of ever more individuals, required the design of a novel data protection and privacy regulation. The EU General Data Protection Regulation (GDPR) stands as an example of a regulatory response to these demands.
The authors included in this book offer an in-depth analysis of the national data protection legislation of various countries across different continents, not only including country-specific details but also comparing the idiosyncratic characteristics of these national privacy laws to the GDPR. Valuable comparative information on data protection regulations around the world is thus provided in one concise volume.
Due to the variety of jurisdictions covered and the practical examples focused on, both academics and legal practitioners will find this book especially useful, while for compliance practitioners it can serve as a guide regarding transnational data transfers.
Elif Kiesow Cortez is Senior Lecturer at the International and European Law Program at The Hague University of Applied Sciences in The Netherlands.

Inhaltsverzeichnis

Frontmatter

1. Data Protection Around the World: An Introduction

Abstract
This book serves as an up-to-date resource on the applications and practice-relevant examples of data protection laws in different countries. The snapshot of privacy laws and practices from a varied set of jurisdictions it provides reflects national and international contemporary issues regarding the processing of personal data. The ever-increasing emergence of privacy violations, due to evolving technology and new lifestyles linked to an intensified online presence of ever more individuals, has required the design of a novel data protection and privacy regulation. The contributors to this book offer an in-depth analysis of the national data protection legislation of various countries across different continents, not only including country-specific details but also comparing the idiosyncratic characteristics of these national privacy laws to the EU General Data Protection Regulation (GDPR). Valuable comparative information on data protection regulations around the world is provided in one concise volume.
Elif Kiesow Cortez

2. Data Protection Around the World: Belgium

Abstract
The GDPR is not fully new. Data controllers and processors, who are compliant with the current law, will be able to use this approach as a valid starting point for the implementation of the GDPR. This was the message of the Belgian Privacy Commission in the introductory text to their 13-step-plan to GDPR implementation. An accurate consideration, since Belgium has had a detailed data protection act in place since 1992. This act was amended in order to bring it in line with Directive 95/46/EC. The GDPR implementation law was finally enacted in the shape of a framework act encompassing more than just the GDPR in the summer of 2018 so after the period for transposition expired. Thanks to the proactive attitude of the Belgian Privacy Commission however, publishing recommendations to comply with specific parts of the GDPR, Belgian data controllers and processors received clear guidance even before the implementation law was published. In 2015, Belgium also was the first country in the world to create the function of Secretary of State for Privacy. This unique government post, together with the pending GDPR implementation law and two main developments are highlighted: the reform of the Privacy Commission into a Data Protection Authority that was adopted in 2017 and a high-profile case initiated by the Privacy Commission against Facebook. The latter concerned Facebook’s tracking of Internet users by means of cookies and pixels in breach of the Belgian data protection act of 1992 and contained a significant question regarding which national law applies to the company. Facebook has announced to appeal its conviction by a Brussels court but the applicability of the GDPR may make the question moot.
Els De Busser

3. Data Protection in Estonia

Abstract
The GDPR, which took effect on 25 May 2018, is an ambitious legal act aimed at harmonizing personal data protection and the free flow of data in the European Union. This chapter covers GDPR implementation issues and related topics from an Estonian perspective. The first section (Sect. 3.1) explains the roots of Estonian data protection and gives an overview of the latest developments related to the GDPR and the relevant case law. Section 3.2 offers readers an indication as to how the GDPR interacts with Estonian jurisdiction and identifies the most notable differences and similarities. Section 3.3 focuses on the most prominent issues within Estonian jurisdiction regarding data protection regulations. The main topic in this section is e-governance and the fact that Estonia is one of the recognized pioneers and leaders among modern digital societies. Taken from the perspective of the GDPR, some practices need to be re-evaluated (the cross-use functioning of national databases, the implementation of the “once-only” principle, the openness of state databases, etc.). Section 3.4 gives an overview of the envisaged application of the GDPR within Estonian jurisdiction and the possible problems that may occur when implementing GDPR provisions.
Kärt Salumaa-Lepik, Tanel Kerikmäe, Nele Nisu

4. GDPR in France: A Lot of Communication for a Jurisdiction Well Experienced in the Protection of Personal Data

Abstract
France has been a pioneer country in terms of the protection of personal data, as demonstrated by the Informatique et Libertés law of 1978 and the creation of the national authority known as the CNIL. However, the first harmonization with the European framework of the Directive 95/46/CE occurred late, in 2004. By transposing (incorporating) the EU’s GDPR into French law, via an emergency procedure a few days before its coming into force in the European Union as a whole, France managed to modernize the protection of data with the rise of awareness among companies and public authorities. The CNIL, which received more competences and a better defined territorial application, maintains its role of controlling the regime of the most sensitive data (justice and police) while reminding individuals of the possible use of their rights on their data. Updating the Informatique et Libertés law of 1978 into the GDPR framework without changing its structure creates the problem of readability and confusion which increases the work of communication and requires the CNIL to repeatedly remind simply the new framework in cases. Considering that the grace period for companies to respect the GDPR is over, the CNIL will start its second year of applying the GDPR by moving from primarily informing and warning to sanctions (often for conserving the personal data of users without their consent) and increasing its cooperation with the other national authorities responsible for protecting personal data in the European Union.
Aurelien Lorange

5. Current Data Protection Regulations and Case Law in Greece: Cash as Personal Data, Lengthy Procedures, and Technologies Subjected to Courts’ Interpretations

Abstract
This chapter addresses data protection in Greece. Section 5.1 provides an overview of case law of the Supreme Administrative Court and the Supreme Civil and Criminal Court, but also national laws and the Constitution of Greece. Section 5.2 studies core concepts, such as “control” and “consent”, to detect similarities and differences between the General Data Protection Regulation and Greek law. Section 5.3 examines risks emerging from new technologies to highlight ignorance and confusion with which people may experience their everyday privacy. Section 5.4 addresses data portability as a trust-enhancing tool that could strengthen controllership and promote transparency in the interests of the data subjects. Greek regulations treat the right to the protection of personal data as a fundamental one, while national courts have repeatedly interpreted this right in relation to constitutional principles, under which attention is drawn to the data subject rather than the data processor. However, lengthy administrative and judicial procedures could become an obstacle, while exercising such constitutional rights. Hence, individuals may need to wait for a more-than-a-ten-year-period to get vindicated after severe violations of their sensitive information. Even though the right to the protection of personal data is an aspect of the traditional “offline” right to privacy, today’s digital technologies have also “become subject” to courts’ interpretations. In this chapter, personal data case law is examined, and, simultaneously, references are made to current national laws and the Constitution of Greece. By providing a general image of present-day regulations, this chapter aims to detect ways in which national courts interpret some crucial provisions.
Georgios Bouchagiar, Nikos Koutras

6. Privacy and Personal Data Protection in Indonesia: The Hybrid Paradigm of the Subjective and Objective Approach

Abstract
Recently, the Indonesian media has raised certain issues related to privacy and personal data in the country; in particular, there are concerns about the implications of European Regulation 679/2016 on General Personal Data Protection for Indonesians. Coupled with the case of Facebook and Cambridge Analytica, the news has seized public attention in Indonesia. Since 2008, Indonesia has regulated personal data protection in Article 26 of the Law No. 11 on 2008 concerning electronic information and transaction. This, in turn, was derived from Article 15 of the Government Regulation on e-System Operating and Transaction and then implemented by the Communication and Informatics Ministry Regulation No. 20 on 2016 about Personal Data Protection in e-System. In the meantime, the Government had also drafted the Bill for Personal Data Protection, a single omnibus law designed to more comprehensively regulate and consolidate those issues; the objective was to prevent the complexity and potential disharmony of various levels of laws in the Indonesian national legal system from being a legal barrier to implementation. To bring clarity to the understanding and protection mechanisms, the authors were called upon to straighten out any existing confusion relating to Indonesian telematics laws or the legal convergence of the country’s information and communication law.
Edmon Makarim

7. Data Protection Regulation in the Netherlands

Abstract
In the first section of this chapter, the authors will discuss the existing generic personal data protection regime in the Netherlands and recent or expected legislative changes in and related to this regime in the foreseeable future. The authors will complement this with a high-level overview of sector-specific personal data protection legislation. In Sect. 7.4 they will summarize the changes that the EU General Data Protection Regulation (“GDPR”) has introduced to this regime in the Netherlands. In Sect. 7.5 they will discuss key distinguishing elements of the Dutch personal data protection environment while focusing specifically on the latitude that the GDPR provides Member States for implementation or deviation. In Sect. 7.6 the authors will refer back to Sect. 7.5 by sharing their expectations on how they expect the EU General Data Protection Regulations to affect these prominent issues.
Godelieve Alkemade, Joeri Toet

8. The GDPR Influence on the Tanzanian Data Privacy Law and Practice

Abstract
The recent adoption of the General Data Protection Regulation (GDPR) in the European Union has a worldwide effect on international transfer of personal data. The fact that the GDPR restricts transfer of personal data outside the European Union unless a third country has adequate level of protection of such data, has sparked law and policy reform in third countries in compliance with the GDPR. This chapter provides an overview of the influence the GDPR on the Tanzanian data privacy law and practice.
Alex B. Makulilo

9. Data Protection Around the World: Turkey

Abstract
Like elsewhere in the world, data protection law is a popular topic as an emerging branch in the legal world in Turkey. After the adoption of Law no. 6698 on the Protection of Personal Data (“DPL”) and the formation of the Turkish Data Protection Authority (“DPA”) in 2016, the protection of data subjects’ rights with regards to personal data and privacy has become a major subject of discussions both in the academia and in practice. This chapter deals with Turkey’s stand concerning personal data protection in comparison with the General Data Protection Regulation (“GDPR”). To that extent, this chapter firstly analyses Turkey’s main laws and regulations and case-law with regard to the protection of personal data. This is followed by a comparison of the Turkish DPL with the GDPR, where the strengths and weaknesses of Turkish law in the field of data protection are demonstrated. The chapter concludes with the possible application of the GDPR in Turkey and its impact on the Turkish data protection law.
Başak Erdoğan

10. The United States and the EU’s General Data Protection Regulation

Abstract
This chapter focuses on U.S. information privacy and data protection laws, their similarities and differences with the EU’s General Data Protection Regulation (GDPR), and how the GDPR is likely to affect privacy and data protection in the United States in the years ahead. In contrast to the EU’s omnibus approach to data protection, U.S. privacy laws are “sectoral” in nature, meaning that businesses in different economic sectors are subject to different privacy rules and regulations. Several key federal and state-level privacy protections, including the Fourth Amendment and state privacy torts, as well as regulatory authorities, such as the Federal Trade Commission and state attorneys general, shape the boundaries of the right to privacy in the United States. Regarding the interaction between the GDPR and U.S. law, the conflict between the right to be forgotten and the protection of speech and of the press provided by the First Amendment has been a primary concern. Attention within U.S. privacy circles has also shifted in recent years toward handling data breaches, defining “privacy harms,” and the understanding the interaction of state-level consumer privacy laws—such as the California Consumer Privacy Act of 2018—and legislative efforts at the federal level.
Muge Fazlioglu

11. European Laws’ Effectiveness in Protecting Personal Data

Abstract
The fuel for the digital economy and business is data. Data is being harvested online on an unprecedented scale. Digital enterprises involved in this practice are thus quite active in collecting all sorts of data through pervasive techniques that track and collect huge amounts of information. This practice has drastic consequences for the privacy and security of such data. In order to ensure the security and privacy of those data, European legislators have recently enacted and adopted different legal instruments. However, a mere adoption of laws does not per se guarantee their effectiveness in achieving the intended goal. This presumption underpins the hypothesis of this research which comes down to the following: the mere adoption of legal tools does not automatically guarantee the enhancement of the privacy and security of personal data against online tracking and targeting. By putting this hypothesis to the test, this research attempts to address the question over the extent to which newly created obligations in recently adopted legal tools can effectively enhance and secure the privacy of users’ data against the tracking and targeting practices of digital enterprises. To this end, this study will firstly elaborate on the meaning and scope of the concept of privacy. Secondly, the applicability of privacy in relation to technologies that are employed for tracking and targeting in cyberspace is scrutinized. In the third place, we will take a closer look at the impact of obligations that are imposed on digital enterprises by the new legal instruments. Finally, a conclusion is drawn over the actual effectiveness of these instruments in protecting and securing the privacy of users against the technologies deployed by digital enterprises.
Ambrogino G. Awesta

12. Data Protection Around the World: Future Challenges

Abstract
As new technology becomes more integrated in daily tasks, new challenges to the right to the protection of personal data arise. GDPR aims to be technology neutral to make sure that the protection of the personal data does not depend on the techniques used in processing and is adoptable to the use of new technologies. This chapter will focus on European Data Protection Board guidelines and reports to highlight future GDPR compliance challenges to data protection and privacy in three prominent domains: (1) automated decision making, profiling and artificial intelligence, (2) face recognition technology and video processing, and (3) the newly emerged discussions on public health on the use of contact tracing apps with regards to the coronavirus pandemic and COVID-19. This chapter concludes by highlighting the importance of finding a balance between the right to protection of personal data without hindering the use and the development of innovative technologies in the EU.
Elif Kiesow Cortez
Weitere Informationen