Session 1 - Coggle Diagram
Data Protection fundamental rights
Article 12
Universal Declaration of Human Rights (UN, 1948)
- Everyone has the right to the protection of the law against any interference (with privacy, family, home or correspondence) or attacks (on honor or reputation)
Article 8
The European Convention on Human Rights' take on privacy (1953)
- Right to respect for private & family life, his home and his correspondence
Article 7
EU Charter of Fundamental Rights (2009)
- Respect for private & family life
Article 8
EU Charter of Fundamental Rights (2009)
- Right to the protection of PD
Article 5
-
7 Principles of the GDPR
Lawfulness, Fairness & Transparency
(of the processing of a data subject's (DS) data)
Purpose Limitation
(applies to principles 2 & 3: controlling & processing only the data needed for a specified purpose)
Data Minimization
(same note as under Purpose Limitation: only the data needed for a specified purpose)
Accuracy
(Data must be accurate & up to date)
Storage limitation
(storing only the necessary identified data for the specified purpose)
Integrity, Confidentiality & Availability
(processing must ensure the security, integrity and confidentiality of the data, via encryption)
Accountability
(the data controller must be able to demonstrate GDPR compliance with all the principles)
Personal Data
(PII) = any information relating to an individual (the data subject, DS) who can be directly or indirectly identified
- e.g. names, email addresses
Sensitive personal data
= e.g. location info, racial or ethnic origin, gender, biometric data, religious beliefs, web cookies, political opinions, trade-union membership, physical or mental health or condition, sexual life, etc.
Pseudonymous data
=> can also fall under the definition of personal data if it is relatively easy to identify someone from it
Regulatory compliance
= externally imposed rules: an organization & its employees must comply with the legal regulations (national/international) that apply to the areas in which the company operates
- adherence to the relevant laws, regulations & industry standards governing how personal data is collected, used, stored & disclosed
- limits the company's legal risk, exposure & liability
Internally imposed rules & standards of conduct
= other forms of corporate compliance
(ex: adhering to internal policies; codes of good conduct)
Data Protection Law
= gives the DS the right to know, control & decide what happens with their PD
- imposes obligations on the data controller & processor regarding the DS's PD
certain categories of PD have a higher degree of protection than others (e.g. SPD)
Legislations
GDPR EU
(adopted in 2016, effective from 2018) => replaces the Data Protection Directive 95/46/EC, which was a Directive and not a Regulation, and so was "non-binding" in all EU member states
E-Privacy Directive
Digital Services Act
(2022) => Replaces the E-Commerce Directive (2000)
EU regulations
Compliance with the Digital Services Act is mandatory
Regulates digital commerce & content:
- Illegal digital content
- Transparent advertising
- Disinformation
For big tech companies, to create a fairer digital economy:
- Preventing abuse of market power
- Ease of entry for new competitors
- Limitations on advertisement
Kelsen's Pyramid -> indirect sources of law:
1. Constitution
2. Treaties & international agreements
3. Statutes (Art. 9 of civil code)
4. Regulations
5. Contracts & other private agreements (jurisprudence)
EU Pyramid = direct sources of law:
1. TUE (European Convention of Human Rights), TDEU, ECFR (Europe Charter of Fundamental Rights)
2. IT (International Agreement (Traité))
3. Legislations (regulations + directives) => e.g. the GDPR as a regulation
4. Regulatory acts
5. Decisions of the European Union Court of Justice
Data Protection
- The measures to safeguard the privacy & security of personal information that can be used to identify an individual
Privacy
(Article 9 FR) = goes beyond DP: it concerns private life, e.g. family life, flying drones over a house, etc.
European Union’s GDPR
= example of data protection regulation framework