Data Protection and Compliance
eBook - ePub

Second edition

Stewart Room, Stewart Room

  1. 350 pages
  2. English
  3. ePUB (mobile-friendly)
  4. Available on iOS and Android

About this book

Large-scale data loss and data privacy compliance breaches continue to make headline news, highlighting the need for stringent data protection policies, especially when personal or commercially sensitive information is at stake. While regulations and legislation exist to address these issues, how organisations can best tailor their compliance approaches to their own operational circumstances has remained an open question. The focus of this book is on operationalising a truly risk-based approach to data protection and compliance, beyond just emphasis on regulatory frameworks and legalistic compliance.

PART I

THE BIG PICTURE

1 INTRODUCTION TO DATA PROTECTION

Stewart Room
This chapter acts as the foundation stone for all the issues discussed in this book. It introduces the core aims and objectives of data protection; explains how the topic relates to the right to privacy; provides illustrations of some of the critical priorities in this area; and identifies the main sources of law.
WHAT IS DATA PROTECTION?
The idea of ‘data protection’ can be looked at in several ways. In an operational sense, it means achieving predefined outcomes during the collection, use and storage of personal data, which is called ‘data processing’. In a legal sense, it means the regulatory framework that governs these activities. In a colloquial and limited sense, it is sometimes viewed as a synonym for the security of data, but this would not be representative of the established European view of things.
Taking the General Data Protection Regulation 2016 (GDPR) as a starting point, the title of this legislation clarifies that data protection means ‘the protection of natural persons with regard to the processing of personal data and … the free movement of such data’. Recital 6 of the GDPR summarises the issues perfectly.
GDPR R.6 – Goals of data protection
Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.
DOES DATA PROTECTION MEAN PRIVACY?
To emphasise a point that is implicit within the title of the GDPR but not always obvious, the topic of data protection is not simply about the concept of privacy. In fact, many aspects of the law cut through the concept of privacy, such as the support that it gives to sharing of personal data in the public interest, that is, without the consent or permission of the person whose data are affected.
However, the modern concept of data protection does have its historical root in privacy law. This is demonstrated by the text in the Council of Europe Resolution (73) 22, explanatory report box, which is from the Council’s 1973 Resolution on private sector¹ data banks. The 1973 Resolution was a landmark event in data protection, as it provided one of the first statements of the data protection principles: the principles are the foundation stone upon which all forms of data protection law are built. It was followed in 1974 by a companion resolution for the public sector.²
Perhaps the best way to look at how privacy relates to the topic of data protection is to see it as being a very significant part of the topic, but the topic is much bigger than privacy. Due to the significance of the topic of privacy within data protection, it is worth looking into it a little further at this stage.
Council of Europe Resolution (73) 22, explanatory report
1. It is generally recognised that the development of modern science and technology, which enable man to attain an advanced standard of living, brings in its wake certain dangers threatening the rights of individuals. This is the case, for instance, with the utilisation of new techniques for surveillance or observation of persons and for compiling and processing data pertaining to them,
2. A survey, conducted in 1968–70 by the Committee of Experts on Human Rights of the Council of Europe, on the legislation of the Member States with regard to human rights and modern scientific and technological developments has shown that the existing law does not provide sufficient protection for the citizen against intrusions on privacy by technical devices …
3. A particular new source of possible intrusion into privacy has been created by the rapid growth and popularisation of computer technology. The purposes which computers are increasingly serving in the public and private sectors are by themselves not basically different from those served by more traditional forms of data storage and processing.
What is privacy?
There are many philosophical threads of ideas within the right to privacy, which cover concepts such as ‘the right to be let alone’,³ through to the concept of personal data protection within the GDPR.
The right to privacy was crystallised within the European Convention on Human Rights (ECHR) in 1950 (see Article 8) and was restated by the EU Charter of Fundamental Rights in 2012 (see Article 7). In the UK the right to privacy has developed into a tort known as the tort of misuse of private information, a civil law right, breach of which is actionable in court and compensatable in damages. Table 1.1 sets out the wording of the right to privacy as it has crystallised within pan-European law.
Table 1.1 The right to privacy

European Convention on Human Rights
Article 8: Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

Charter of Fundamental Rights of the European Union
Article 7: Respect for private and family life
Everyone has the right to respect for their private and family life, home and communications.

Are there exceptions to the right to privacy?
The right to privacy is not an absolute right. As shown by Article 8.2 of the ECHR, privacy can be interfered with, if the interference is authorised by law and is necessary and proportionate. This means that when questions about interferences with privacy come to be judged, a balancing act must be performed to understand both the legal justification for the interference and how the right to privacy compares with other competing rights in a relative sense.
Privacy versus freedom of expression
A common situation where the balancing act needs to be performed is during press and media reporting of news stories, when the right to freedom of expression, crystallised by Article 10 of the ECHR, competes with the right to privacy. There have been countless court cases about this, often concerning celebrities,⁴ sportspeople⁵ and royalty,⁶ and they will never end. The phone-hacking scandal, which led to the Leveson Inquiry and the closure of the News of the World newspaper, as well as the prosecution and imprisonment of various people in the newspaper industry, illustrates the damage that can be done when the exercise of the right of freedom of expression fails to have regard to the balancing act.
Privacy versus security and law enforcement
Security and law enforcement agencies override the right to privacy in the interests of national security, public safety, the prevention of disorder and crime and related public interests encapsulated by Article 8.2. Again, the balancing act must be performed and as with the case of freedom of expression, this has generated countless court cases and scandals. Example...
